Responding to the Change Healthcare Cyberattack

2 minute
newspaper headline "cyber attack"

As many of our clients are aware, Change Healthcare—Optum’s claims processing platform—experienced a cyberattack on February 21, 2024. Change has disconnected its systems to limit any impact from the cyberattack, and is posting regular updates on the status of its progress in recovering from the attack.

In the meantime, lack of access to Change’s platform is causing significant cash flow issues for many provider organizations. Management should understand both the potential impacts of the cyberattack and steps they can take to mitigate any adverse effects on their revenue cycle and liquidity.

Impacts of the cyberattack

The most significant impact of the shutdown of Change’s platform is that provider organizations are no longer able to send claims information through Change’s clearinghouse platform and are no longer able to receive claim information back from payers through the platform. Cash posting has also been affected because provider organizations do not have the data needed to match with any funds deposited by payers in bank accounts.

Until the match between claims data and deposited funds can be made, any funds received must be assigned to the pending general ledger, which inflates accounts receivable and depresses days cash on hand. This can be a particularly significant issue for organizations that are approaching a March 31 fiscal year end or a test of bond covenants, especially if they had less robust balance sheets preceding the cyberattack.

Optum’s move to quickly disconnect Change’s systems should help to mitigate the potential for data compromise within its client organizations, but the incident does highlight the ongoing risk of data breaches and other cybersecurity concerns.

How provider organizations can respond

The most important step provider organizations can take is to maintain accurate information for held outbound claims and ensure that a queue is being built to reconcile incoming payments when data again becomes available. Organizations should be mindful that, once connectivity with Change is reestablished, it may take some time to clear the backlog of unprocessed claims.

While Optum has disconnected Change’s systems, many provider organizations have also moved to disconnect from Change to further protect against the risk of a data breach or other cybersecurity incident. Organizations should be establishing a framework to reconnect with Change once it has recovered from the cyberattack, including any internal IT requirements and any external documentation needed from Change.

For organizations that are experiencing a significant strain on cash flow, and that have limited financial reserves, now also may be the time to explore drawing on revolvers or considering other options for enhancing liquidity.

There are some alternatives for claims submissions, including Change’s competitors and the enhanced healthcare services offered by some of the larger banks. Organizations should expect, however, a lag of weeks or even months before these alternatives could become functional.

We understand the difficulties that this cyberattack has caused and would be happy to answer any questions. Please contact Robert Turner or James Green

Similar Resources