Hospitals Missed Change Attack Relief, Maybe Unnecessarily

Revenue cycle leaders questioning the value of outsourced medical billing services should consider the case of recent research on the impact of the Change Healthcare attack. 

As a response to the Change Healthcare breach, the Change Healthcare/Optum Payment Disruption (CHOPD) program attempted to support affected providers with financial protection. But since the distribution, there have been questions about whether the distribution of funds went to the entities most in need. There is a possibility that some hospitals who could have received funds did not. 

Revenue cycle leaders should be aware of recent research, loan refund requests from payers, and increasing threats – all of which indicate a need for planning careful revenue cycle processes to take advantage of future government programs.

University of Minnesota researchers recently examined how the federal government managed fiscal aid following the 2024 Change Healthcare attack, a major blow to medical billing services in the USA [1]. 

The Centers for Medicare & Medicaid Services (CMS) launched the CHOPD program to stabilize the industry, providing $3.3 billion in prepayments. The study found that the relief failed to reach numerous facilities that dealt with substantial revenue issues. These overlooked facilities often had traits that suggested higher fiscal vulnerability, including critical access hospital (CAH) designations or rural locations. 

The researchers identified at least 312 hospitals that never received funds despite suffering revenue drops exceeding the average. One explanation is the "opt-in" nature of the program. Organizations that did not have the administrative depth to monitor federal bulletins missed the chance to apply. This reality highlights how outsourced medical billing services that partner with a vendor who stays on top of federal news can be an asset in times of change. Smaller and understaffed providers will often lack the bandwidth needed to navigate the attestation process during a technical blackout.

Details of the CHOPD Program

Specifically, the CHOPD initiative offered Part A and Part B providers funds equaling 30 days at the average rate of their Medicare reimbursement. 

The researchers found that one-third of participants secured $1 million more than their Medicare losses during the official disruption window. Another third faced shortfalls, sometimes losing millions more than the program covered. The study did not confirm if these underpaid entities received loans from UnitedHealth Group or other sources to manage the difference. 

The investigation also highlighted that recipient hospitals generally maintained higher discharge counts and smaller Medicare shares than their non-participating counterparts. To prevent future imbalances, the authors suggest that CMS should adjust payment formulas downward from the 30-day benchmark while creating "outlier payments" for those facing extreme hardship. They also stressed the necessity of stronger outreach programs. Without a proactive stance, many organizations will continue to miss vital support during these types of systemic issues – highlighting the opportunity of partnering with an experienced and proactive vendor when deciding to outsource medical billing.

In mid-2025, UnitedHealth Group began requesting repayments of $9 billion in private loans issued during the crisis [2]. 

Providers reported receiving emails from the Optum unit insisting on total reimbursement within short windows – sometimes just five business days. In some cases, the payer began withholding reimbursements from Medicaid payments to satisfy balances. This placed additional strain on some providers who had struggled to maintain solvency during the initial outage. 

Catherine Mazzola, CEO of New Jersey Pediatric Neuroscience Institute, noted that her practice lost $68,000 in expected payments within a single month due to these garnishments. Another provider faced a demand for over $750,000 with almost no notice. These examples illustrate the risk of navigating unexpected disruption in the healthcare revenue cycle without an outsourced medical billing services partner as support. This type of vendor relationship can serve as an early warning system, helping providers stay aware of lower risk federal options like CHOPD before a facility feels forced into unfavorable private agreements. Outsourcing also ensures that hospital revenue cycle services optimize function during a crisis, lowering the risk of preventable revenue leaks. By outsourcing these complexities, hospital revenue cycle leaders can shield their organizations from predatory repayment schedules and administrative oversight.

The risk of cyber attacks in healthcare is not decreasing. Threats are expanding and are getting more difficult to manage [3]. This risk is amplified with the use of AI across clinical and administrative healthcare environments. The expanding technology increases the risk of data breaches, including issues with AI-controlled devices, as reviewed by the National Library of Medicine [4]. 

But cyber criminals are also using AI to increase the effectiveness of their attacks, using techniques like deep fakes and AI-driven phishing [5].

Volatility in healthcare cybersecurity makes it essential for providers to take advantage of every opportunity to reduce risk where they can. 

3Gen Consulting offers proven expertise in medical billing and coding and extensive experience in navigating change in the healthcare landscape. Whether you're adapting your internal teams or seeking a partner to support your prospective risk mitigation efforts, we’re here to help.