View a timeline of the AHA's response to the Change Healthcare cyberattack.

AHA Advisories and Actions to Keep Members Informed

  • April 29 Letters to the Senate Finance Committee and House Energy and Commerce Subcommittee in advance of May 1 hearings with UnitedHealth Group CEO Andrew Witty regarding the Change Healthcare cyberattack.
  • April 23 Special Bulletin highlighting UnitedHealth Group鈥檚 offer to 鈥渕ake notifications and undertake related administrative requirements on behalf of any provider or customer鈥 at the appropriate time.
  • April 16 Testimony for the House Energy and Commerce Subcommittee on Health from John Riggi, AHA鈥檚 national advisor for cybersecurity and risk, on health care cybersecurity vulnerabilities.
  • March 26 Special Bulletin highlighting a new national health plan resource guide developed by the Departments of Health and Human Services, Administration for Strategic Preparedness and Response and Centers for Medicare & Medicaid Services.
  • March 19 Letter to the U.S. House of Representatives鈥 Committee on Ways and Means informing them prior to a March 20 hearing of the cyberattack鈥檚 impact on hospitals and health systems.
  • March 18 Special Bulletin detailing CMS guidance on Medicaid flexibilities and response to Change Healthcare cyberattack.
  • March 15 AHA Today article on new CMS guidance to help states make interim Medicaid payments to providers impacted by the Change Healthcare cyberattack.
  • March 15 Survey Results on the impact of the Change Healthcare cyberattack on U.S. hospitals.
  • March 14 Special Bulletin highlighting the Centers for Medicare & Medicaid Services鈥 frequently asked questions on their accelerated and advance payment program for hospitals, physicians and others impacted by the Change Healthcare cyberattack.
  • March 13 Letter to Senate Finance Committee leadership in advance of their March 14 hearing on the President鈥檚 fiscal year 2025 Health and Human Services budget updating them on the impact of the recent Change Healthcare cyberattack and raising concerns regarding the Administration鈥檚 proposal to penalize hospitals that don鈥檛 meet certain cybersecurity requirements.
  • March 11 Special Bulletin on the Department of Health and Human Services and Department of Labor calling on UnitedHealth Group to 鈥渢ake responsibility鈥 for the adverse impacts of the Change Healthcare cyberattack.
  • March 9 Special Bulletin on CMS鈥 formally announcing terms for hospitals, physicians and other providers impacted by the Change Healthcare cyberattack to apply for accelerated and advance payments.
  • March 8 Special Bulletin on UnitedHealth Group鈥檚 announcement of a series of updates on its response to the unprecedented cyberattack against its subsidiary Change Healthcare.
  • March 6 Perspective column from AHA President and CEO Rick Pollack highlights the AHA鈥檚 work on this issue to advocate on members鈥 behalf.
  • March 5 Special Bulletin with details of some flexibilities announced by HHS and AHA鈥檚 media statement in response to the announcement.
  • March 4 Action Alert encouraging AHA members to speak to their members of Congress urging them to take action to support hospitals as they navigate the effects of the ongoing cyberattack.
  • March 4 Letter to the Congress urging actions to support hospitals' efforts to care for patients as the entire health care system continues to navigate the effects of the ongoing cyberattack.
  • March 4 Letter to UnitedHealth Group expressing concern with the company's Temporary Funding Assistance Program announced March 1. 
  • March 1 Special Bulletin includes information on Change Healthcare temporary actions 鈥 funding assistance program and e-prescribing service 鈥 announced today and additional cybersecurity resources for the field.
  • Feb. 29 Perspective column from AHA President and CEO Rick Pollack highlights the AHA鈥檚 work on this issue to inform members and advocate on their behalf.
  • Feb. 27 Cybersecurity Advisory on an updated #StopRansonware: ALPHV Blackcat joint agency advisory with new indicators of compromise and tactics, techniques and procedures
  • Feb. 26 Letter to the Department of Health and Human Services outlining the implications of the cyberattack on patient care.
  • Feb. 26 Cybersecurity Advisory with Health-ISAC bulletin details on maintaining network connectivity with UnitedHealth Group systems and indicators of compromise.
  • Feb. 25 Cybersecurity Advisory with indicators of compromise to assist with indicator sweeps of network compromise.
  • Feb. 24 Cybersecurity Advisory with additional details, recommendations and AHA actions.
  • Feb. 23 AHA cybersecurity update member call with representatives from the Department of Health and Human Services, Cybersecurity and Infrastructure Security Agency, and Federal Bureau of Investigation.
  • Feb. 22 Cybersecurity Advisory alerting of the attack and recommended steps.
  • Feb. 21 Change Healthcare, a health care technology company that is part of Optum and owned by UnitedHealth Group, announced they were hit with a cyberattack that disrupted a number of its systems and services, according to a posted on its website.

Cybersecurity & Risk Advisory

Learn how AHA can help hospitals and health systems prepare for and mitigate cyber threats through the expertise of John Riggi, AHA鈥檚 National Advisor for Cybersecurity and Risk.

Learn More

AHA in the News

  • April 23 America鈥檚 health system is still in crisis after its biggest cyberattack ever鈥攂ut the 'catastrophe' is just a blip for the giant company that got hacked
  • April 16 Providers pitch their post-Change cybersecurity policy fixes to sympathetic Congress
  • March 29 4 Things You Need to Know About Health Care Cyberattacks
  • March 21 How the healthcare sector is handling cybersecurity training
  • March 15 94% of hospitals take financial hit from Change hack: AHA survey
  • March 15, Health Insurers Split With US Over Relief After Change Healthcare Hack
  • March 13, Feds investigating whether hacked health care giant complied with law protecting patient data
  • March 12, UnitedHealth Maintains the Hack Won鈥檛 Have an Impact. That鈥檚 Harder to Believe Now.
  • March 8, With Cyberattack Fix Weeks Away, Health Providers Slam United
  • March 8, Biden Team, UnitedHealth Struggle to Restore Paralyzed Billing Systems After Cyberattack
  • March 5, Calls Mount for Government Help As Change Healthcare Hack Freezes Medical Payments
  • March 5, Cyberattack Paralyzes the Largest U.S. Health Care Payment System
  • March 5, Officials Rush To Help Hospitals, Doctors Affected by Change Healthcare Hack
  • March 5, U.S. To Accelerate Some Payments to Hospitals After UnitedHealth Hack
  • March 3, Health-care hack spreads pain across hospitals and doctors nationwide
  • March 3, Cyberattack on Insurance Provider Causes Billing, Prescription Delays
  • March 1, a Ransomware attack on U.S. health care payment processor 鈥榤ost serious incident of its kind鈥 黑料正能量 Association CEO Rick Pollack said effects of the attack "are continuing to be felt throughout the entire health care system."
  • Feb 29, Cyberattack on UnitedHealth still impacting prescription access: "These are threats to life"
  • Feb 29, A large US health care tech company was hacked. It鈥檚 leading to billing delays and security concerns

The AHA will continue to keep you updated on this situation. Please send any technical, financial and/or clinical impact or related technical threat intelligence on a confidential basis to John Riggi, AHA鈥檚 national advisor for cybersecurity and risk, at jriggi@aha.org. The AHA maintains close contact with the FBI, HHS and CISA and will share cyber threat intelligence with them without attribution to your organization, unless you specify permission to be identified. If you have identified any of these indicators of compromise on your network, or are experiencing a ransomware attack, contact your local or FBI 24/7 Cyber Watch at 855-292-3937 and describe any delay or disruption to care delivery.