Change Healthcare Cyberattack Information

Originally published 3/9/24. 

Updated 3/19/24
The Centers for Medicare and Medicaid Services (CMS) has announced physician practices impacted by the Change Healthcare cyberattack can request advanced Medicare payments to help with cash flow disruptions.

CMS has reopened the 2023 Merit-based Incentive Payment System (MIPS) Extreme and Uncontrollable Circumstances (EUC) hardship application due to the Change Healthcare cyberattack. The deadline to apply for an exemption is April 15, 2024. The hardship exemption is not automatic and requires physicians to apply. If a physician or practice has already submitted data and would like to take advantage of this flexibility, it requires logging into the CMS portal and updating the submission. If a physician or practice would like to still be scored on the 2023 MIPS Program, the extended deadline to submit data remains April 15, 2024. 

On February 21, Change Healthcare, which is owned by UnitedHealth Group (UHG),  experienced a cyberattack that has taken its systems offline. Change’s IT platform connects health care providers and pharmacies with payers. With claims processing systems offline, some providers could experience cashflow problems. According to Change, those most impacted are the roughly 8 percent of providers whose claims flow to payers exclusively through Change. For other providers and pharmacy management services, UHG says it has created workarounds to keep medical and pharmacy claims flowing. UHG has set up a temporary funding assistance program for providers unable to receive payment distributions, and the Biden Administration is discussing possible avenues for financial relief to hospitals. The American Medical Association has also created a dedicated webpage on the issue. ACOI members being negatively impacted by the incident are asked to share their experiences with ACOI at acoi@acoi.org.