States step in to hasten provider recovery in wake of Change Healthcare cyberattack

While the Centers for Medicare & Medicaid Services has begun an advanced payment program for Part A providers and Part B suppliers experiencing claims disruptions from the Change Healthcare cyberattack two weeks ago, states are also offering help to providers affected by the breach, by reducing claims system payment roadblocks and giving financial support.


The state government in Washington is also offering similar advanced payment relief through its Medicare and Medicaid programming, though organizations like the American Hospital Association previously voiced concerns about CMS’s repayment timelines and interest rates. 

On Tuesday, the Evergreen State’s Department of Health and Human Services instructed its Medicare Administrative Contractors to implement advance lump sum payments based on historical Medicare claim payment volumes, the Washington State Hospital Association said.

“The amounts advanced will be recouped later from paid claims,” WSHA posted in a new online support resource page it launched with the AHA. 

“This program should benefit hospitals and providers in cases where a large proportion of their Medicare fee-for-service payments have been disrupted. This program is for Medicare fee-for-service only and does not apply to Medicare Advantage or other payers.”

Meanwhile, New Mexico is using its insurance regulatory structure to alleviate pressure on healthcare delivery, including telehealth. The state’s Superintendent of Insurance Alice Kane issued an order to protect small healthcare practices on March 20 in response to the Change Healthcare cyberattack. 

“Most notably, the cyberattack has made it difficult, and in some cases impossible, for physicians to receive payment for the healthcare services they provide to New Mexicans,” Anne Jung, executive director of the New Mexico Medical Society, said in the office’s bulletin

Jung noted that the measures focus “relief on the pain points small and independent practices have experienced due to the nationwide collapse of interconnected systems.” 

The order directs medical insurers regulated by Kane’s office to temporarily suspend prior authorizations, refrain from retroactively denying claims due to “common issues caused by the cyber incident” and waive deadlines submitted by small and independent providers that occurred after the Feb. 21 attack

The payers are also asked to defer policies that require providers to submit claims within a certain time frame after services are rendered. 

On the East Coast, the Maryland Department of Health has issued more than 500 advanced payments to providers to keep medical offices operating to help providers pay their bills and employees, according to WYPR News.

Though it’s not yet listed under resources on the agency’s Change Healthcare Cybersecurity Incident Updates page, Sara Barra, chief of staff for behavioral health at MDH, said in the story that there is a dedicated email account for the state to answer requests for individual provider assistance. 

“If it’s advanced payments to help make payroll, if it’s technical assistance in changing their clearing house, we want to help,” said Barra.


On Friday, UHG said it would begin to restore Change’s main platforms and start processing claims. However, 11 systems are scheduled to be restored from the week of March 25 through the week of April 8, according to a timeline for product restoration posted to its incident response information.

Change claims preparation went back online on March 18, the company also said, estimating $14 billion in claims are ready. While representatives of provider industry groups have scoffed at the aspects of assistance and its effect on providers over the last several weeks, UHG said that it has provided more than $2 billion in temporary funding assistance to providers

AHA has also been pressing the government for additional funding. 

Most recently, the organization asked Congress by letter on March 20 to address “any statutory constraints that prevent [CMS and HHS] from adequately helping hospitals and other healthcare providers impacted by the Change Healthcare cyberattack,” in the fiscal year 2025 U.S. Health and Human Services budget, according to a website statement.


“I don’t understand why more people aren’t screaming and yelling,” Gene Ransome, the chief executive officer of the Maryland State Medical Society, told Maryland local news. “This is a major risk to our whole healthcare system.”

“I want to thank New Mexico’s major medical insurers for the significant steps already taken to help providers resolve issues stemming from this cyber incident,” said Kane, the state’s top insurance regulator, in a statement last week. 

Andrea Fox is senior editor of Healthcare IT News.
Email: [email protected]

Healthcare IT News is a HIMSS Media publication.

Related Articles

Back to top button