A cyberattack on UnitedHealthcare's unit Change Healthcare, a division of Optum, when it was discovered (February 21st), disrupting prescription drug orders at pharmacies and continues to have effects on the entire health care system, leading to major challenges in reimbursement and claims processing for health care professionals and pharmacies. Law enforcement officials indicate the breach appears to be by a foreign country, with the ransomware gang "Blackcat" being identified behind the outage. UnitedHealth Group was forced to disconnect some of Change Healthcare's digital network from its clients, and had not been able to restore all services. The Health Information Sharing and Analysis Center (Health-ISAC) issued a bulletin (https://tinyurl.com/4nn3df7x)providing information regarding maintaining network connectivity with UnitedHealth Group, Optum, and UnitedHealthcare. The American Hospital Association has also published a Cybersecurity Advisory (https://tinyurl.com/2sb8667j) (February 26th) to help navigate this evolving incident. The attack underscores the vulnerability of health care data. The Delaware Department of Insurance issued an announcement (https://tinyurl.com/y57apn26) regarding this attack. The communication indicated that Insurers have been in contact with the Delaware Department of Insurance about this issue and are in communication with contracted providers to inform them of available portals and processes. The Delaware Insurance Data Secrity Act has not yet been triggered, but all parties continue to watch the situation closely. Additionally, the department will be closely monitoring any potential prompt payment compliance issues that may arise as a result of this situation. At this time, there is no indication that consumer data or insurer data has been impacted. However, consumers are still encouraged to engage in personal cybersecurity practices at an enhanced level.

HELPFUL LINKS

Temporary Funding Assistance Program (OPTUM)

Physician Fee Schedule Conversion Factor

Change Healthcare Website Update

Change Healthcare enables new prescribing service amid cyberattack

The Delaware Department of Insurance

HHS has announced new flexibilities

Availity Portal Registration

How to register for PaySpan

Change Health Care Provider Alert

Change Health Care Cyber Attack HBMA Emergency Town Hall 

UnitedHealth to restore hacked medical claims and payment services mid-March

CMS Accelerated and Advance Payments (AAP): All AAP requests are sent to aapteam@cms.hhs.gov with cc’s to Tracy Richardson, Olivia Williams, Victoria Abril, and George Fantaousakis.

Temporary Waiver Requests*: For temporary waiver requests related to Optum/Change Healthcare cyber-attack, that do not represent AAP requests, please forward to the FeeForServiceQuestions@cms.hhs.gov mailbox (examples below):

a)      Prepayments for Medicare FFS claims.

b)      Temporary waiver of three-day stay requirements for post-acute services.

c)      Relief from some CMS reporting requirements.

* Note: The CMS PHE Emergency Web Portal is presently live for any 1135 waiver/flexibility requests and inquiries related to the Hawaii Wildfire only. 

CMS: Change Healthcare/ Optum Payment Disruption (CHOPD) Accelerated and Advance Payments for Part A Providers and Part B Suppliers FAQs