CMS To End Change Healthcare Cyberattack Financial Relief Program

Dive Brief:

• The CMS is ending a Medicare funding program offering financial support to providers during the cyberattack on Change Healthcare.
• The relief program, which will no longer accept applications after July 12, was launched in early March as providers reported challenges receiving payments and submitting claims during the outage.
• Under the program, accelerated payments were issued to more than 4,200 Medicare Part A providers, totaling more than $2.6 billion, according to the CMS. The agency also provided over 4,700 advance payments to Part B suppliers, reaching more than $717.2 million.

Dive Insight:

The Change cyberattack caused disruptions across the healthcare sector for weeks, hamstringing key tasks like eligibility checks, prior authorization and prescription fulfillment. 

Providers faced mounting financial challenges from the attack on Change, a major medical claims processor that manages billions of transactions annually. 

A survey by the American Hospital Association published in March found 94% of hospitals reported financial impact from the outage, with more than half saying the effects were “significant or serious.” 

Provider groups urged federal regulators to take action to mitigate the financial damage caused by the cyberattack. The CMS rolled out the Medicare relief program and flexibilities for state Medicaid agencies in March. 

UnitedHealth, which acquired Change nearly two years ago, also stood up its own financial assistance for providers. The healthcare giant said it has advanced more than $6.5 billion through its loan program. 

Yet now, the CMS said providers and suppliers are once again successfully billing Medicare, and regulators have already recovered 96% of payments made under the program.

Still, the agency said it would continue to monitor other impacts from the cyberattack. Last week, the Biden administration said it would give providers affected by the cyberattack more time to request out-of-network billing arbitration under the No Surprises Act.

Providers had reported they were unable to start the independent dispute resolution process on time because information from health plans was delayed following the attack.