Skip to content

Federal Response to Cyberattack: Support for Health Care Providers and Suppliers

Federal Response to Cyberattack: Support for Health Care Providers and Suppliers


The U.S. Department of Health and Human Services (HHS) and Centers for Medicare & Medicaid Services (CMS) are actively responding to a recent cyberattack targeting Change Healthcare, a subsidiary of UnitedHealth Group (UHG). This incident, occurring in late February, has prompted HHS to collaborate closely with stakeholders to minimize disruptions to health care operations nationwide. Key efforts include working with UHG leadership, state partners, and external stakeholders to understand the impacts and support response efforts.

CMS, under the purview of HHS, has taken immediate steps to assist affected health care providers and suppliers. On March 9, 2024, CMS announced the availability of accelerated payments to Part A providers and advance payments to Part B suppliers affected by claims disruptions due to the cyberattack. These payments, equivalent to up to 30 days of claims payments, will be recouped through automatic deductions from future Medicare claims over a 90-day period.

Eligible providers and suppliers can request these payments, subject to certain certifications and acknowledgments. It's crucial to note that these payments are not loans and must be repaid through standard recoupment procedures, with interest accruing after 30 days of issuance of a demand for repayment.

Providers and suppliers seeking assistance should contact their respective Medicare Administrative Contractors (MACs). Further details and contact information for MACs are available on the CMS website.

Additionally, HHS emphasizes the importance of UHG ensuring continuity of operations for all affected health care providers and is leading interagency coordination efforts with entities such as the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the White House to provide threat intelligence to the industry.

The incident underscores the critical need for enhanced cybersecurity in the health care sector. HHS has outlined a comprehensive cybersecurity strategy focusing on resilience, accountability, and coordination. The department will continue to communicate with stakeholders and promote cybersecurity measures to mitigate future risks.

In summary, CMS remains committed to supporting providers and suppliers during this challenging time and encourages affected parties to reach out for assistance.

Powered By GrowthZone