HHS Statement Regarding the Cyberattack on Change Healthcare

The U.S. Department of Health and Human Services (HHS) is aware that Change Healthcare – a unit of UnitedHealth Group  – was impacted by a cybersecurity incident in late February. HHS recognizes the impact this attack has had on health care operations across the country. HHS’ first priority is to help coordinate efforts to avoid disruptions to care throughout the health care system. HHS is in regular contact with UHG leadership, state partners, and with numerous external stakeholders to better understand the nature of the impacts and to ensure the effectiveness of UHG’s response. HHS has made clear its expectation that UHG does everything in its power to ensure continuity of operations for all health care providers impacted and HHS appreciates UHG’s continuous efforts to do so. HHS is aware that numerous providers have highlighted potential cash flow concerns to HHS stemming from an inability to submit claims and receive payments. HHS has heard these concerns and is taking direct action and working to support the important needs of the health care community. HHS is working with CMS to assist providers to continue serving patients. Providers should continue to work with all their payers for the latest updates on how to receive timely payments, and be aware of the flexibilities in place during this period. HHS also takes this opportunity to encourage all providers, technology vendors, and members of the health care ecosystem to double down on cybersecurity, with urgency. The system and the American people can ill afford further disruptions in care. Please visit the HPH Cyber Performance Goals website for more details on steps to stay protected.