Change Healthcare Cyberattack

A major data breach and numerous smaller ones should cause each of our practices to do some threat mitigation


Change Healthcare, the largest clearinghouse for insurance billing and payments in the U.S., was the victim of a massive cyberattack by the ransomware group Blackcat. The group is known for stealing sensitive data from institutions and threatening to publish it unless a ransom is paid. (In the Change Healthcare case, $22M was reportedly paid with Bitcoin.) As a result of the attack, thousands of doctors and hospitals that depend on Change Healthcare for billing reimbursements have not been paid for weeks. On March 13, 2024, the HHS Office of Civil Rights opened an investigation into both Change Healthcare and its parent company UnitedHealth Group, citing the magnitude of the breach and the disruption it has caused. HHS also wrote a letter to payers asking them to take action to assist with funds and waivers of prior authorization processes.