What You Need to Know About the Change Healthcare Cyberattack

If you’ve had a keen eye on the news lately, chances are you might’ve seen some headlines about Change Healthcare and some cybersecurity issues but haven’t yet gleaned enough information to grasp the problem's scope fully. Despite its widespread impact on the healthcare industry, the Change Healthcare cyberattack hasn’t received as much attention from the media as you might expect. To ensure rehab therapists are informed about exactly how their practice revenue might be impacted, we’ve gathered all the facts known to date below. 

What happened with the Change Healthcare cyberattack? 

On February 21, Change Healthcare was hit with a ransomware attack by hackers calling themselves AlphV or BlackCat. As a result, Change Healthcare disconnected its services from third-party platforms—including WebPT Billing, Insight, and Therabill. As a result, many providers have been unable to submit claims, and patients waiting on needed prescriptions or services have been similarly shut out as hospitals and pharmacies are unable to process those requests.  

As it stands, progress is being made to fix the issues created by the hack. UnitedHealth Group (Change Healthcare’s parent company) has been providing status updates as they work to restore services. The latest update as of March 7, 2024 states that, regarding claims, 

“As workarounds continue to be deployed, our latest data shows 90% of claims are flowing uninterrupted. Fast adoption and implementation of additional solutions by payers and providers could increase claims to 95% sometime next week.”   

Did Change Healthcare pay a ransom?

Perhaps. A report from Wired, Hackers Behind the Change Healthcare Ransomware Attack Just Received a $22 Million Payment references blockchain transactions that seem to show AlphV or BlackCat receiving 350 bitcoins—equivalent to roughly $22 million.  However, a Change Healthcare spokesperson declined to confirm or deny the payment to Wired.    

Who is Change Healthcare?

While you might not have heard the name Change Healthcare before the recent news, they’re a fairly big cog in the current healthcare system. Change Healthcare is a clearinghouse owned by the commercial insurance giant United Healthcare (UHC). 

What exactly does a clearinghouse do? 

The essential functions a clearinghouse performs are a large reason why this hack has created so much panic for many patients, healthcare providers, and healthcare organizations. Clearinghouses serve as the intermediary for submitting electronic medical information (particularly claims data) between healthcare providers, organizations, and insurance payers. These claims often include pharmacy claims, dental claims, durable medical equipment (DME) claims, inpatient and outpatient service claims, and more. And since UHC serves as the largest commercial insurance company in the country, you can imagine the vast amounts of data that Change Healthcare’s systems come into contact with daily.

How might rehab therapy clinics be affected?

The media coverage of the Change Healthcare cyberattack has focused on pharmacies, hospitals, and physician offices. That doesn’t mean that rehab therapy clinics have been immune, however. While Change Healthcare has restored almost all of its claims services at this point, working through the backlog of claims could mean that payment and remittance processes are left playing catchup for the foreseeable future.   

What is WebPT doing?

To protect Members’ secure data, WebPT has disconnected our systems from Change Healthcare until a secure solution can be achieved. WebPT’s security team is actively monitoring the situation and has seen no indication of any compromise of any WebPT Member’s data at this time. Protecting the data of our Members is our top priority. 

WebPT is actively working on identifying and implementing options for our Members whose claims are processed through Change Healthcare. We will reach out to Members when those options become available for their particular situation. Our teams are working to implement solutions for all of our Members, and we expect to begin rerouting a large majority of those affected in the next few days. 

Unfortunately, this means that until a workaround is implemented, claims going through Change Healthcare will not be submitted, and remittance advice that comes from Change Healthcare will not be available until this disruption is resolved. WebPT’s RCM and Billing teams are continuing to provide ongoing support by facilitating the process of getting claims affected by Change Healthcare processed accordingly and are reaching out to affected Members on next steps.

What can rehab therapy clinics do right now to submit claims?

To start, don’t panic. As almost every facet of the healthcare sector was affected by the cyber attack, Health and Human Services (HHS) has stepped in to ensure that claims can be processed. CMS is urging Medicare Advantage organizations and Part D sponsors to be more lax in prior authorizations and to extend advanced payment to affected healthcare providers. They’re also advising providers to request new electronic data interchanges (EDI) from their Medicare Administrative Contractors (MAC) to resume claims processing, and accepting paper claims.

In the meantime, now is a great time to have an emergency fund on hand, and to remember that HHS has ensured that all valid claims will be recognized and remitted—it just may take longer than anyone wants. Following the advice of HHS, any rehab therapy clinics that find themselves short of liquid cash to keep the doors open should reach out to their MACs and commercial payers for payment advances to help all stakeholders get through this tumultuous time.

How to Protect Your Clinic from Future Cyberattacks

So, how can you avoid becoming the next Change Healthcare cyberattack? Fortunately, you don't need to become a cybersecurity expert overnight; you just need to take a few extra precautions in your practice. Here are some tips from the Cybersecurity and Infrastructure Security Agency (CISA).

Turn on two-factor authentication (2FA). You may have avoided it up to this point to skip the extra hassle during sign-in, but 2FA can prevent hackers from accessing your systems. While your password might end up on the dark web in one of the many breaches we see in the news, hackers can’t easily access your phone to get a one-time PIN or see the code from a verification app. 

Update your software. Believe it or not, many hacks are due to the fact that some users aren’t updating their software regularly. Hackers look for flaws, and software companies try to fix these potential weaknesses with regular updates to their products—but if you’re not accepting updates, you’re leaving yourself open to someone exploiting your outdated software.   

Don’t click on unknown links. This is a big one; if initial reporting is to be believed, the Change Healthcare cyberattack started when someone within the organization clicked on a malicious link in a phishing email. Whether or not that’s true, harmful links are a real threat—so exercise caution and judgment in choosing what you click. 

Use strong passwords. It’s a pain to remember a lot of passwords, especially if they’re long and filled with numbers and special characters. That said, getting hacked is an even bigger pain—so take the time to create strong passwords for your different accounts. If it helps, a password manager can help with memorization. 

We’re working to keep you informed. 

The Change Healthcare cyberattack is a constantly changing situation as UHG looks to get its clearinghouse (and seemingly most of American healthcare) back on track. That’s why we’ve created a Status Updates page related to the Change Healthcare security situation so that you can stay informed as relevant changes to WebPT Members come through. Be sure to check back regularly, as we post updates as soon as we receive them.