Skip to main content

Pressure Builds for Federal Intervention on Change Healthcare Cyberattack

Analysis  |  By Eric Wicklund  
   March 05, 2024

Both the AHA and AMA have called on federal officials to take action on the two-week old cyberattack, including asking United HealthGroup to be more transparent on its actions to resolve the issue

The American Hospital Association has added its voice to growing calls for federal intervention in the Change Healthcare cyberattack.

In a March 4 letter to Congressional leaders, AHA President and CEO Richard Pollack said the “unprecedented attack,” now more than two weeks old, has severely affected the nation’s healthcare industry.  He said the organization has been in touch with UnitedHealth Group officials regarding the outage, asking for more transparency about what happened, a timeline on when the issue would be resolved, and temporary access to advance payments to help providers during the down-time.

“Unfortunately, UnitedHealth Group’s efforts to date have not been able to meaningfully mitigate the impact to our field,” Pollack said in the letter. “Workarounds to address prior authorization, as well as claims processing and payment are not universally available and, when they are, can be expensive, time consuming and inefficient to implement. For example, manually typing claims into unique payer portals or sending by fax machine requires additional hours and labor costs, and switching revenue cycle vendors requires hospitals and health systems to pay new vendor fees and can take months to implement properly.”

In addition, UnitedHealth Group’s “Temporary Funding Assistance Program” that it stood up as part of its response on March 1 will not come close to meeting the needs of our members as they struggle to meet the financial demands of payroll, supplies and bond covenant requirements, among others,” he added. “We will continue to work with UnitedHealth Group as this situation evolves to communicate the state of the field and ensure support for our members and the patients they serve.”

Pollack said the AHA had sent a letter to Health and Human Services Secretary Javier Becerra on February 26 asking HHS to step in and take action. Specifically, they asked Becerra to:

  • Direct Medicare Administrative Contractors to prioritize and expedite review and approval of hospital requests for Medicare advanced payments.
  • Issue guidance to payers on how they should be handling payments during this time.
  • Pressure UnitedHealth Group officials to make sure they’re taking all the necessary steps to remedy the situation, including “implementing a meaningful financial assistance program and engaging in frequent and forthright communication with providers.”

“This incident demands a whole of government response,” Pollack added. “We therefore urge Congress to consider any statutory limitations that may exist for any federal agencies that can assist hospitals at this critical moment. If such limitations exist, the Executive Branch may be unable to provide solutions to ensure our nation’s provider network remains solvent and serves patients.”

Both the AHA and American Medical Association have asked the federal government to take action on what may be the largest and most damaging cyberattack in healthcare to date.

The cyberattack on the IT business of UnitedHealth, which came to light roughly two weeks ago, has crippled operations at thousands of pharmacies across the country, and in doing so affected many more providers. Experts estimate the industry is losing more than $100 million a day due to the outage, which is rumored to have been a ransomware attack.

“Change Healthcare is the predominant source of more than 100 critical functions that keep the healthcare system operating,” Pollack noted in his letter. “Among them, Change Healthcare manages the clinical criteria used to authorize a substantial portion of patient care and coverage, processes billions of claims, supports clinical information exchange, and processes drug prescriptions. Significant portions of Change Healthcare’s functionality have been crippled. As a result, patients have struggled to get timely access to care and billions of dollars have stopped flowing to providers, thereby threatening the financial viability of hospitals, health systems, physician offices and other providers.”

Eric Wicklund is the associate content manager and senior editor for Innovation, Technology, and Pharma for HealthLeaders.


A suspected ransomware attack has crippled the operations of Change Healthcare, the IT arm of the UnitedHealth Group, for more than two weeks

Both the AMA and AHA have asked federal officials to take action to help struggling providers, including setting expectations for payers and asking UnitedHealth Group executives to be more forthcoming in how they're dealing with the issue

Both are also asking that more funding be set aside to help providers during the outage.

Get the latest on healthcare leadership in your inbox.