HHS Statement Regarding the Cyberattack on Change Healthcare HHSgov
pAn official website of the United States governmentppHeres how you knowpp
Official websites use gov
A gov website belongs to an official government organization in the United States
pp
Secure gov websites use HTTPS
A lock LockA locked padlock or https means youve safely connected to the gov website Share sensitive information only on official secure websites
ppThe US Department of Health and Human Services HHS is aware that Change Healthcare a unit of UnitedHealth Group UHG was impacted by a cybersecurity incident in late February HHS recognizes the impact this attack has had on health care operations across the country HHS first priority is to help coordinate efforts to avoid disruptions to care throughout the health care systemppHHS is in regular contact with UHG leadership state partners and with numerous external stakeholders to better understand the nature of the impacts and to ensure the effectiveness of UHGs response HHS has made clear its expectation that UHG does everything in its power to ensure continuity of operations for all health care providers impacted and HHS appreciates UHGs continuous efforts to do so HHS is also leading interagency coordination of the Federal governments related activities including working closely with the Federal Bureau of Investigations FBI the Cybersecurity and Infrastructure Security Agency CISA the White House and other agencies to provide credible actionable threat intelligence to industry wherever possibleppHHS refers directly to UHG for updates on their incident response progress and recovery planning However numerous hospitals doctors pharmacies and other stakeholders have highlighted potential cash flow concerns to HHS stemming from an inability to submit claims and receive payments HHS has heard these concerns and is taking direct action and working to support the important needs of the health care communityppToday HHS is announcing immediate steps that the Centers for Medicare Medicaid Services CMS is taking to assist providers to continue to serve patients CMS will continue to communicate with the health care community and assist as appropriate Providers should continue to work with all their payers for the latest updates on how to receive timely paymentsppAffected parties should be aware of the following flexibilities in placeppCMS has also heard from providers about the availability of accelerated payments like those issued during the COVID19 pandemic We understand that many payers are making funds available while billing systems are offline and providers should take advantage of those opportunities However CMS recognizes that hospitals may face significant cash flow problems from the unusual circumstances impacting hospitals operations and during outages arising from this event facilities may submit accelerated payment requests to their respective servicing MACs for individual consideration We are working to provide additional information to the MACs about the specific items and information a providers request should contain Specific information will be available from the MACs later this weekppThis incident is a reminder of the interconnectedness of the domestic health care ecosystem and of the urgency of strengthening cybersecurity resiliency across the ecosystem Thats why in December 2023 HHS released a concept paper that outlines the Departments cybersecurity strategy for the sector The concept paper builds on the National Cybersecurity Strategy that President Biden released last year focusing specifically on strengthening resilience for hospitals patients and communities threatened by cyberattacks The paper details four pillars for action including publishing new voluntary health carespecific cybersecurity performance goals working with Congress to develop supports and incentives for domestic hospitals to improve cybersecurity increasing accountability within the health care sector and enhancing coordination through a onestop shopppHHS will continue to communicate with the health care sector and encourage continued dialogue among affected parties We will continue to communicate with UHG closely monitor their ongoing response to this cyberattack and promote transparent robust response while working with the industry to close any gaps that remainppHHS also takes this opportunity to encourage all providers technology vendors and members of the health care ecosystem to double down on cybersecurity with urgency The system and the American people can ill afford further disruptions in care Please visit the HPH Cyber Performance Goals website for more details on steps to stay protectedppReceive the latest updates from the Secretary Blogs and News ReleasesppReceive latest updatesppppFor general media inquiries please contact mediahhsgovppReceive the latest updates from the Secretary Blogs and News Releasespp200 Independence Avenue SW
Washington DC 20201
Toll Free Call Center 18776966775p
Official websites use gov
A gov website belongs to an official government organization in the United States
pp
Secure gov websites use HTTPS
A lock LockA locked padlock or https means youve safely connected to the gov website Share sensitive information only on official secure websites
ppThe US Department of Health and Human Services HHS is aware that Change Healthcare a unit of UnitedHealth Group UHG was impacted by a cybersecurity incident in late February HHS recognizes the impact this attack has had on health care operations across the country HHS first priority is to help coordinate efforts to avoid disruptions to care throughout the health care systemppHHS is in regular contact with UHG leadership state partners and with numerous external stakeholders to better understand the nature of the impacts and to ensure the effectiveness of UHGs response HHS has made clear its expectation that UHG does everything in its power to ensure continuity of operations for all health care providers impacted and HHS appreciates UHGs continuous efforts to do so HHS is also leading interagency coordination of the Federal governments related activities including working closely with the Federal Bureau of Investigations FBI the Cybersecurity and Infrastructure Security Agency CISA the White House and other agencies to provide credible actionable threat intelligence to industry wherever possibleppHHS refers directly to UHG for updates on their incident response progress and recovery planning However numerous hospitals doctors pharmacies and other stakeholders have highlighted potential cash flow concerns to HHS stemming from an inability to submit claims and receive payments HHS has heard these concerns and is taking direct action and working to support the important needs of the health care communityppToday HHS is announcing immediate steps that the Centers for Medicare Medicaid Services CMS is taking to assist providers to continue to serve patients CMS will continue to communicate with the health care community and assist as appropriate Providers should continue to work with all their payers for the latest updates on how to receive timely paymentsppAffected parties should be aware of the following flexibilities in placeppCMS has also heard from providers about the availability of accelerated payments like those issued during the COVID19 pandemic We understand that many payers are making funds available while billing systems are offline and providers should take advantage of those opportunities However CMS recognizes that hospitals may face significant cash flow problems from the unusual circumstances impacting hospitals operations and during outages arising from this event facilities may submit accelerated payment requests to their respective servicing MACs for individual consideration We are working to provide additional information to the MACs about the specific items and information a providers request should contain Specific information will be available from the MACs later this weekppThis incident is a reminder of the interconnectedness of the domestic health care ecosystem and of the urgency of strengthening cybersecurity resiliency across the ecosystem Thats why in December 2023 HHS released a concept paper that outlines the Departments cybersecurity strategy for the sector The concept paper builds on the National Cybersecurity Strategy that President Biden released last year focusing specifically on strengthening resilience for hospitals patients and communities threatened by cyberattacks The paper details four pillars for action including publishing new voluntary health carespecific cybersecurity performance goals working with Congress to develop supports and incentives for domestic hospitals to improve cybersecurity increasing accountability within the health care sector and enhancing coordination through a onestop shopppHHS will continue to communicate with the health care sector and encourage continued dialogue among affected parties We will continue to communicate with UHG closely monitor their ongoing response to this cyberattack and promote transparent robust response while working with the industry to close any gaps that remainppHHS also takes this opportunity to encourage all providers technology vendors and members of the health care ecosystem to double down on cybersecurity with urgency The system and the American people can ill afford further disruptions in care Please visit the HPH Cyber Performance Goals website for more details on steps to stay protectedppReceive the latest updates from the Secretary Blogs and News ReleasesppReceive latest updatesppppFor general media inquiries please contact mediahhsgovppReceive the latest updates from the Secretary Blogs and News Releasespp200 Independence Avenue SW
Washington DC 20201
Toll Free Call Center 18776966775p
