Change Healthcare and United Health Group Cyber Attack

What You Need to Know

For those who have been affected by Change Healthcare (even if you have not been affected) here is what BTC is recommends:

HHS Email

Today, 4.22.2024 HHS OCR sent an email update regarding the Change Health Care Cyber-attack.

Summary of What Happened.

  • Change HealthCare and United Health Group (UHG) had a ransomware attack.
  • The breach was caused by ONE employee download that allowed access to the database.
  • Ransomware is when data is stolen and held at a ransom for payment. Sometimes they threaten to leak the data, sometimes they remove it so you no longer have access.  However, in most cases when payment is made, data leaks still occur.
  • Many providers are seeing a delay in payment, claims submission, insurance verification, etc.
  • Change Healthcare and UHG are working to get services up and running. They are focusing on pharmacy services first so patients can maintain their medications.

What Do We Recommend You Do?

  1. Be Informed: Know if you are using Change Health Care of UHG ask your biller if you are unsure.
  2. Pay attention: Watch for any correspondence from UHC. Change Healthcare, UHG, your EHR provider, HHS, or your clearinghouse.
  3. Complete: If you have not done so already complete a Security Risk assessment for 2024. This is the number one item HHS is looking for providers to complete when they do a HIPAA audit. BTC AVM 950 in the Compliance Classroom will take you step by step through the process.
  4. Retrain: Retrain your staff on HIPAA Security and Review your HIPAA Security Procedures. This major breach was caused by one employee.   BTC Form 1158 HIPAA Security Policies and Procedures
  5. Consult: Consult with your IT personnel.
    1. Do you have security in place?
    2. Do you have verified backups?
    3. Can employees approve downloads?
  6. Review: Other resources
    1. BTC Form 1159 F HIPA Security Contingency Plan Responding to Ransomware.
    2. BTC Form 1168A HHS Updates on Ransomware
    3. BTC Form 1168B Ransomware Fact Sheet
    4. BTC Form 1156 Security Reminders – Team Training
    5. BTC Form 1158 HIPAA Security Policies and Procedures
    6. BTC AVM 516 HIPAA Security Standards
    7. BTC 519A HIPAA Fax And Email Security




As a leader in the Chiropractic profession, BTC has been extremely selective in forming its group of alliance partnerships. We encourage you to visit our partner's websites and to utilize their services and products. When you become a Member of Breakthrough Coaching you become part of a special "family" unlike any other in the Chiropractic Profession.

Practice Analysis Survey.

Let us analyze your practice today!

FREE GUEST TOUR Friend Us on Facebook Follow Us on Twitter Follow Us on LinkedIn