New research from the University of Minnesota School of Public Health provides the first detailed look at whether funding provided through a federal relief program effectively reached hospitals affected by a ransomware attack on Change Healthcare, a major processor of health insurance claims.
The 2024 cyberattack exposed the personal health information of more than 190 million people. It left hospitals and clinics unable to submit claims or receive payment for the care they provided, and led to a cash-flow crisis that threatened their ability to make payroll and continue operations. In response to this unprecedented attack on the U.S. healthcare system, the Centers for Medicare and Medicaid Services adopted an emergency relief program to assist affected providers. Called the Change Healthcare/Optum Payment Disruption Accelerated and Advance Payment program, the initiative provided emergency funding to help providers weather the crisis.
Using data obtained via a Freedom of Information Act request, the research team investigated who benefited most from these relief payments - and how a future emergency funding program like this could be improved in the event of future attacks.
The research team analyzed data from nearly 4,400 hospitals across the U.S. that had applied for the emergency relief program, citing the attack's disruption of their ability to process Medicaid claims. The researchers compared emergency payments from the Change Healthcare/Optum Payment Disruption Accelerated and Advance Payment program to the hospitals' actual Medicare revenue disruptions stemming from the 2024 attack.
The study, published in Health Affairs, found:
- Payments reached only a fraction of affected hospitals. Centers for Medicare and Medicaid Services provided $3.3 billion through the program, including $2.2 billion to hospitals, yet only 11% of hospitals received funds.
- Rural hospitals and those unaffiliated with a major healthcare system were disproportionately excluded from the program. More than 300 hospitals with significant revenue losses likely related to the cyberattack received no emergency relief.
- Revenue losses from the attack were severe for hospitals that did receive emergency funding. Among hospitals that applied for and received funding, incoming Medicare revenue fell by an average of 66% during the first six weeks of the cyberattack compared with the same six-week period a year earlier. However, relief funding exceeded actual revenue losses for most hospitals.
"The Change Healthcare cyberattack was a wake-up call, demonstrating just how vulnerable the U.S. is to an attack on the behind-the-scenes infrastructure of our healthcare system," said Hannah Neprash, lead author and an associate professor in the School of Public Health. "The increase in this kind of attack in recent years suggests that our healthcare system and policy makers need to prepare for future events like this. We are committed to providing further evidence that will help policy makers adapt to this emerging threat to our healthcare system."
The researchers suggest that future federal relief efforts could be improved by incorporating real-time administrative data to identify disrupted providers more accurately, adjusting payments to reflect actual revenue losses and conducting proactive outreach to ensure smaller and rural hospitals are not overlooked. Future research will examine disruptions to clinical care that occurred as a result of the Change Healthcare attack.
About the School of Public Health
The University of Minnesota School of Public Health improves the health and wellbeing of populations and communities around the world by bringing innovative research, learning, and concrete actions to today's biggest health challenges. We prepare some of the most influential leaders in the field, and partner with health departments, communities, and policymakers to advance health equity for all. Learn more at sph.umn.edu.
