As the health-care community continues to suffer billing and payment delays following the February cyberattack on Change Healthcare, the Centers for Medicare & Medicaid Services (CMS) released a list of resources for providers.
“CMS has passed along a 35-page document with resources related to the Change Healthcare cyberattack disruption and contact information for United Health Group, AmeriHealth Caritas, Blue Cross Blue Shield, Centene, Cigna, CVS Health, Elevance Health, Humana, Kaiser Permanente, Molina Healthcare, along with other payers and subsidiaries,” the American Association for Homecare (AAHomecare) said in an April 19 bulletin.
Advice and info from specific payers
“CMS shared these resources with AAHomecare along with their response to our Mar. 13 letter requesting relief and timely-filing extensions for suppliers serving patients covered by Medicare Part C. Suppliers may find the contact information for plan administrators useful going forward,” the association announcement added.
The resources letter was signed by Andrea Palm, deputy secretary of the Department of Health & Human Services (HHS); Dawn O’Connell, assistant secretary for preparedness and response; and Chiquita Brooks-LaSure, CMS administrator.
“We also continue to hear from providers that you have sometimes had difficulty getting answers from health-care plans about the availability of prospective payments or the flexibilities you may need while the Change Healthcare platform is unavailable,” the letter said. “HHS asked health plans to provide specific national contact information that providers can use when they need this information, and we are providing that information to you enclosed with this letter.
“Please share this resource with providers who need it. However, if you have a regional point of contact for your health plan, we’d suggest you reach out to them first. If you reach out to these contacts and do not receive a response, please contact us at [email protected].”
The resource pages contain information about specific payers and provide contact phone numbers and email addresses; information on funding assistance programs, if available; suggestions for alternative digital trading partners; and troubleshooting tips and workarounds. The pages also explain how individual payers were impacted by the cyberattack.
UnitedHealth paid ransom in attempt to safeguard patient data
On April 22 UnitedHealth Group, which owns Change Healthcare, provided an update on the cyberattack and UnitedHealth’s response.
“Based on initial targeted data sampling to date, the company has found files containing protected health information (PHI) or personally identifiable information (PII), which could cover a substantial proportion of people in America,” the UnitedHealth announcement said. “To date, the company has not seen evidence of exfiltration of materials such as doctors’ charts or full medical histories among the data.
“Given the ongoing nature and complexity of the data review, it is likely to take several months of continued analysis before enough information will be available to identify and notify impacted customers and individuals. As the company continues to work with leading industry experts to analyze data involved in this cyberattack, it is immediately providing support and robust protections rather than waiting until the conclusion of the data review.”
UnitedHealth encouraged patients concerned about the data breach to visit the website it’s created to provide resources and information. “A dedicated call center [866-262-5342] has been established to offer free credit monitoring and identity theft protections for two years to anyone impacted,” the announcement added. “The call center will also include trained clinicians to provide support services. Given the ongoing nature and complexity of the data review, the call center will not be able to provide any specifics on individual data impact at this time.”
Also on April 22, multiple news organizations, including CNBC and CBS, reported that in an attempt to prevent the leak of patient information, UnitedHealth paid a ransom to those responsible for the cyberattack.
But patient data was still compromised. “The company, along with leading external industry experts, continues to monitor the internet and dark web to determine if data has been published,” UnitedHealth said.
