Resources Following Change Healthcare Cyberattack

By: Sara Hussey, ACMS Executive Director

On February 21, Change Healthcare, a prominent provider of revenue cycle management and clinical data exchange solutions, fell victim to a cyberattack that compromised sensitive data, including patient records and financial information. The incident raised alarms across the healthcare sector, highlighting the sophistication of cyber threats targeting medical institutions. The ramifications of such breaches extend beyond financial losses, posing grave threats to patient privacy, trust, and overall healthcare delivery.

On Saturday, March 9, Centers for Medicare (CMS) and Medicaid Services announced a new opportunity for physicians impacted by the cyberattack and resulting disruptions with Change Healthcare to request advanced Medicare payments to help with cash flow disruptions. The details of the program, terms, and the steps needed to apply can be found in the links below.

Fact Sheet –

CMS Statement –

The ACMS will continue to update this blog post with additional resources and articles as they are made available. If you have any resources you wish to share with the ACMS membership please email them to ACMS Executive Director, Sara Hussey.


AMA Resources  – Continuous Updates

PAMED Resources [member login required]

Change Healthcare/ Optum Payment Disruption (CHOPD) Accelerated and Advance Payments for Part A Providers and Part B Suppliers Frequently Asked Questions

CMS releases Medicaid payment flexibilities during Change cyberattack (3/18/24)

AHIP Statement on Response to Cyberattack (3/12/2024)

AMA Update: Change Healthcare breach: Financial relief, resources and next steps for physicians with Todd Askew

Shapiro Administration Urges Insurer Flexibility, Assistance In Responding To Change Healthcare Cyber Attack

Department of Health and Human Services Statement

United Health Group Site Resources

Novitas Advance Payments for Providers

QPP Deadline Extension: MIPS 2023 Data Submission Now Open Until April 15

  • Based on AMA advocacy and ongoing concern with the impact the Change Healthcare cybersecurity attack is having on physician practices, CMS has extended the 2023 MIPS data submission deadline until April 15. Notably, this attack on our nation’s health care infrastructure coincides with the 2023 MIPS data submission window, which opened on January 2 and originally was scheduled to close on April 1.
  • The AMA welcomes this extension until April 15, but we are concerned the timeline is insufficient. Therefore, we will continue to push CMS to automatically apply the Extreme and Uncontrollable Circumstances (EUC) hardship exception to all MIPS eligible clinicians for the 2023 performance period. Alternatively, we will encourage CMS to reopen the hardship exception application for the 2023 performance period and allow eligible clinicians to claim an exception due to the Change Healthcare cyberattack.


Reuters: UnitedHealth says advanced over $2 bln in payments to providers (3/19/24)

Pittsburgh Business Times: Highmark Health unveils way to help cash-strapped health practices after cyberattack

CNN: We’re hemorrhaging money’: US health clinics try to stay open after unprecedented cyberattack

AMA Response: AMA response to UnitedHealth Group update on Change Healthcare cyberattack

Wallstreet Journal: UnitedHealth Aims to Restore Change Healthcare Systems Within Two Weeks

New York Times: With Cyberattack Fix Weeks Away, Health Providers Slam United

TechTarget: The Change Healthcare attack: Explaining how it happened

Modern Healthcare: Feds launch investigation into UnitedHealth over Change cyberattack

Modern Healthcare: White House presses UnitedHealth on Change outage at meeting

Modern Healthcare: ‘Nightmare’: Pharmacies, hospitals reel from Change Healthcare outage

Payer Information/Links: