DOH Survey on Change Healthcare Cyberattack

The Department of Health (DOH/the Department) has released another provider survey to gauge the impact of the Change Healthcare cybersecurity incident.

Survey notices went out to providers today, March 19, 2024.

The updated version of the Change Healthcare Cybersecurity Incident HERDS survey opened at 10:00 am today and must be completed and returned no later than 10:00 am on Wednesday, March 20, 2024.

The survey can be accessed by logging into the Health Commerce System (HCS). Locate HERDS in the “My Applications” list.

Direct questions about the survey to the Department.

Temporary Emergency Funding Available

Temporary emergency funding assistance is accessible through Optum Financial Services.

Funding programs operate on a week-to-week basis, with funding amounts determined by prior claims volume and provider impact level. Recipients must register for the programs via an active Optum Pay account, which will also be used for fund disbursement and repayment. If you do not have an existing Optum Pay account, sign up to receive log-in information. Repayment is not expected until 30 days after billing and payment systems have been restored.

You must enroll to determine your eligibility. There are no enrollment fees for the basic Optum Pay account or the temporary funding program, according to the incident website.

Change Healthcare stresses that this program is NOT for providers with claims submission disruptions. It is only for those whose payment distribution has been impacted. Funding amounts will be determined by prior claims volume and provider impact level.

Wait times for eligibility for the initial temporary assistance program are estimated at four to five days. DOH reports that several agencies have had success with this program. Turnaround time has been as short as 12 hours, and some agencies report already receiving checks.

Background

In late February, Change Healthcare, a unit of UnitedHealth Group (UHG), faced a significant cybersecurity incident, disrupting healthcare operations nationwide. The attack, attributed to the ransomware group BlackCat, rendered electronic claims submission, real-time eligibility verification, and electronic remittance advice (ERAs) non-operational.  Home care agencies and other health care organizations are encountering delays in claims processing and payments, resulting in substantial impacts on revenue and cash flow.

HCP Support

HCP’s Public Policy team will continue to monitor and report on the impact of this wide-reaching cyberattack, including relief measures and actions providers can take to protect themselves. Providers are encouraged to visit the Health and Public Health (HPH) HPH Cyber Performance Goals website for details on steps to stay protected.