Skip to main content

The Change Healthcare Attack: What Payers Need To Know

Analysis  |  By Marie DeFreitas  
   March 15, 2024

The attack is rippling through the healthcare industry and affecting everyone, including payers.

News of the Change Healthcare ransomware attack is plastered everywhere.

Late last month the technology company that was purchased by UnitedHealth Group, saw a massive cyberattack that is still being felt by health systems across the country.

As we know, Change Healthcare, a company that processes medical payments, touches about one out of every three patients in the U.S. One of the main challenges from this attack has been for providers as they are struggling to access the data they need to process prior authorizations and claims in order to get paid.

It also had a great effect on pharmacies, hospitals and patients trying to access their prescriptions. Patients and their insurance coverage are also feeling the effects, with many consumers paying out-of-pocket to get their refills.

The attack has, overall, wreaked havoc, with some health care providers losing up to an estimated $100 million a day.

On March 5, HHS stated that it would expedite payments to affected hospitals and get other workarounds in motion. CMS is also stepping in, encouraging Medicare Advantage systems and Part D sponsors to relax or remove prior authorizations. It’s also asking MA plans to offer advanced funds to providers and encouraging providers to ask for new electronic data interchanges from their MA contractors to process claims, and to inform their contractors that they must accept these manually processed claims.

So far, Change Healthcare has been hit with six class-action lawsuits following the attack, including three in Tennessee and two in Minnesota where parent company UnitedHealthGroup is headquartered.

On March 12, AHIP released a statement response to the attack, saying:

“Given the very wide variability of impact across the system, individual plans and providers are in the best position to assess how to maintain appropriate payments in a timely manner—and also to minimize the need for reconciliation processes.”

The response goes on to note that exemptions from prior authorizations during this time when systems are making advance payments could expose patients and employers to “fraud, waste and, unnecessary costs.”

The American Medical Association was not impressed with AHIPA’s seemingly lackadaisical response; President Jesse M. Ehrenfeld MD, MPH called out the response as a dumbfounding “business as usual approach” after weeks of silence and lack of assistance by AHIPA.

“This approach is particularly galling since service outages have exacerbated the administrative burdens and care delays already associated with this process,” said Ehrenfeld. “Prioritizing profits over the stability and solvency of our care delivery system starkly contrasts with the Biden Administration’s appeal to health plans to “meet the moment.”

The Effect on Payers

As The Biden Administration and HHS dial up the pressure on payers to create a bridge by making advanced payments to providers, some are feeling the effects of the attack more than others.

Aetna sent a message to providers stating that it is aware that some of its providers are experiencing the lack of timely payments. The insurer said it is working to assess the impact on claims payments and recommended its providers to use other approved transaction vendors. Aetna said it would not “liberalize any prior authorization requirements at this time.”

Humana uses Change Healthcare’s system for about 20 percent of its provider claims before it reaches the insurer, thus making it difficult to examine the total medical expenses, reported Bloomberg. Humana also uses Change for their dental and D-SNP business and said it is still evaluating the effects of the hack. Humana, as well as Elevance have already moved to Change competitor Availity to process payments.

As for UnitedHealth, the insurer has announced two programs to advance funding to providers and has encouraged its rivals to do the same.

Insurance reps are on track to meet with U.S. health officials, reported Bloomberg. This meeting follows an earlier meeting this week attended by UnitedHealth Chief Executive Officer Andrew Witty, along with other industry executives and top US health officials.


The Aftereffect

As we see scrambling providers and frustrated payers, this event may even impact payer-provider relations down the road. How a payer handles this situation and whether or not they make these timely advanced payments to their provider may set the tone for future contracts.

When it’s time to renew contracts, will providers wave off their payers who didn’t provide timely payments or assistance during this crisis? It’s too soon to tell, but one thing is sure: the interdependence of the healthcare industry is vital, especially in times like these.

Marie DeFreitas is an associate content specialist at HealthLeaders.


The Change Healthcare ransomware attack that occurred on Feb. 21 has wreaked havoc on health systems across the country

The attack is crippling health systems, particularly providers, some of whom are losing as much as $100M a day

Multiple government entities are now encouraging payers to send advancements to providers who are unable to process prior authorizations and claims

How payers handle this large-scale event may affect payer-provider relations down the line

Get the latest on healthcare leadership in your inbox.