Resources to Assist With Change Healthcare Cyber Security Incident

As you are likely aware, on February 21, 2024, Change Healthcare began experiencing a cyber security issue. Once aware of the outside threat, in the interest of protecting its partners and patients, UnitedHealth Group took immediate action to disconnect Change Healthcare’s systems to prevent further impact. Lack of access to these electronic systems is proving very disruptive to health care practices and facilities. Below are some resources to help practices respond. For additional information, please reach out to Jessa Barnard at

The UnitedHealth Group portal: Information on the Change Healthcare Cyber Response - UnitedHealth Group

Below are few recent announcements related to restoration of services:

  • As of March 7th, the majority of Change Network pharmacy services were restored. (Change is the PBM for Medicaid in Vermont and they have been working closely with DVHA to address issues specific to the Medicaid FFS business.)
  • On March 15th, Change’s electronic payment platform was restored and they are now working with payers to implement
  • Beginning on March 18th, Assurance, the medical claims preparation software, was restored and they are working with providers across the country to get them re-connected. They anticipate that all Assurance users will have complete functionality by the end of the week.
  • By March 22, Relay Exchange, the largest clearinghouse will be back online and they will begin working with providers to get them reconnected throughout the week of March 25th.

The UHG portal also has information about the temporary funding options available for providers impacted by the outage. This program provides no-cost temporary funds to help bridge short-term gaps. The repayment period will begin 45 days after claims/payment process services have resumed and payments impacted during the disruption have been processed.

Updates are also available from individual payers, including: 

  • Vermont Medicaid/DVHA, including advanced payment options 
    • Note: DVHA has informed VMS that they are concerned there are a number of practices that have not applied for but may be eligible for advance payments. More information about their advance payment program is available on their pharmacy website: (links at the top of the page) They are concerned that practices may not yet have discovered if claims are being delayed or not reaching DVHA – DVHA is recommending that all Medicaid enrolled providers review the list of Change Healthcare products and applications that were impacted by the February 21 cyberattack at the following link: Optum Solutions Status. The Department is suggesting providers review this list and determine if they are experiencing any previously unknown claims submission or payment issues with Change Healthcare affiliated products. You can also confirm with your Gainwell representative if claims are being received by DVHA. 
    • DVHA has an email address to submit claims submission and payment issues:
  • Medicare and Vermont’s Medicare contractor, NGS, including the accelerated payment program for Part A and Part B providers 
    • CMS has also reopened the 2023 MIPS Extreme and Uncontrollable Circumstances (EUC) hardship application due to the Change Healthcare cyberattack. The deadline to apply for an exemption is April 15, 2024. The 2023 MIPS EUC hardship exemption is not automatic and requires physicians to apply. If a physician or practice has already submitted data and would like to take advantage of this flexibility, it requires logging into the CMS portal and updating the submission. If a physician or practice would like to still be scored on the 2023 MIPS Program, the extended deadline to submit data remains April 15, 2024.
  • BlueCross and BlueShield of Vermont 
    • Note: BCBSVT has informed VMS that they are concerned in some cases claims may not be reaching them and practices are not aware – please check with your clearinghouse to make sure claims are being received 
  • MVP

See also additional resources from the American Medical Association.

Please note, some payers are hearing about an increase in fraudulent activity in the wake of the CHC cybersecurity incident. Practices are receiving calls from people posing as “insurers” asking for patient medical records, credit card numbers, and other requests for sensitive information. If there are any concerns or doubts please contact customer service or provider relations for the relevant payer prior to providing any information.