CMS Set To Close Multi-Billion Dollar Change Healthcare Cyberattack Relief Program

The Change Healthcare cyberattack disrupted health care providers across the board, including home-based care providers.

Soon, one of the government-backed efforts to offer assistance to those organizations will end. The U.S. Centers for Medicare & Medicaid Services (CMS) announced Monday that its advanced and accelerated payment program tied to the cyberattack will end July 12.

“In the face of one of the most widespread cyberattacks on the U.S. health care industry, CMS promptly took action to get providers and suppliers access to the funds they needed to continue providing patients with vital care,” CMS Administrator Chiquita Brooks-LaSure said in a statement. “Our efforts helped minimize the disruptive fallout from this incident, and we will remain vigilant to be ready to address future events.”


Whenever something completely derails the operations of America’s health care ecosystem, CMS has the authority to grant advanced and accelerated payments to providers that are paid via Medicare or Medicaid.

Effectively, these types of programs function as a short-term loan, giving home-based care providers and others access to capital at a time when their books are in disarray.

“Launched in early March, the [Change Healthcare] payments were designed to ease cash flow disruptions experienced by some Medicare providers and suppliers, such as hospitals, physicians, and pharmacists, due to the unprecedented cyberattack that took health care electronic data interchange Change Healthcare offline in February,” CMS explained in a Monday announcement.


In total, Change-related accelerated payments have been issued to over 4,200 Part A providers, such as hospitals, totaling more than $2.55 billion.

CMS also issued 4,722 advance payments, totaling more than $717.18 million, to Part B suppliers, including doctors, non-physician practitioners and home health agencies, according to the agency.

Many of the providers that capitalized on these pre-payments have already made good on their loans. In fact, of the thousands of payments disrupted, 96% have already been recovered, CMS noted in its announcement.

“A lot of these players only need to find one hole in the boat to get in,” Ben DeBow, founder of Fortified, recently told Home Health Care News. “Once they’re in, they can navigate around. If you’re running on an unsupported legacy platform, then that is not under support anymore. That is a common way into a lot of organizations. Some recent ones came in on a company that were running Windows Server 2003. That’s a very old platform.”

Change Healthcare, a part of UnitedHealth Group (NYSE: UNH) subsidiary Optum, reported enterprise-wide connectivity issues in late February. Not long after, health care providers began experiencing technical difficulties.

On Feb. 26, a ransomware group took responsibility for the attack.

By March, CMS began offering relief to health care providers, and lawmakers began to call out UnitedHealth Group leaders for how they handled the situation. At the start of May, UnitedHealth Group CEO had to testify in front of Congress to answer questions about the cyberattack and his company’s response.

“This hack could have been stopped with cybersecurity 101,” Sen. Ron Wyden (D-Ore.) said during the Senate Committee on Finance hearing.

Companies featured in this article: