CMS Offers Payments to Change Healthcare Cyberattack Victims

March 12, 2024
Faridat Animashaun

Health care providers affected by the Change Healthcare cyberattack may apply for accelerated and advance payments, the U.S. Department of Health and Human Services (HHS) and Centers for Medicare & Medicaid Services (CMS) announced March 9.

Change Healthcare, part of Optum under UnitedHealth Group (UHG), reported the cyberattack Feb. 21, and acknowledged the attack was perpetrated by threat actor ALPHV BlackCat. CMS is frequently communicating with UHG and Change/Optum and will continue advocating for continuity of operations for all affected health care providers and suppliers, the agency said.

To remedy insurance claims disruptions, CMS has made available Change Healthcare/Optum Payment Disruption (CHOPD) accelerated payments to Medicare Part A providers and advance payments to Part B suppliers. Medicare administrative contractors (MACs) may grant the CHOPD accelerated and advance payments in amounts that represent up to 30 days of claims payments to eligible providers and suppliers. The average 30-day payment is based on the total claims paid to the provider or supplier between August 1, 2023, and October 31, 2023, divided by three. These payments will automatically be recouped from Medicare claims for a period of 90 days. CMS will issue a demand for any remaining balance on day 91 after issuing the payment.

CMS’ fact sheet also outlines eligible suppliers, required certifications, required acknowledgment of terms, and payment amounts. Staff at hospitals, health systems, and other providers should contact their MACs for more information and to apply. All MACs will publish instructions for requesting a Medicare accelerated or advance payment on their websites.

Further, America’s Essential Hospitals on March 8 sent a letter to HHS Secretary Xavier Becerra acknowledging the Medicare payment flexibility the agency provided and emphasizing the need for expedited funding support through state Medicaid programs. CMS continues to collaborate with states and urges Medicaid managed care plans to make prospective payments to affected providers, the agency said in a March 10 statement.

In a March 10 letter to health care leaders, HHS Secretary Xavier Becerra called on UHG, other insurance companies, clearinghouses, and health care entities to take additional actions to mitigate the cyberattack’s harm to patients and providers, particularly providers filling a safety net role.

Contact Director of Policy Rob Nelb, MPH, at rnelb@essentialhospitals.org or 202.585.0127 with questions.

Keep up with the pulse of America's Essential Hospitals

Members: Sign up for email updates.