Accelerated payments may now be on the table. Whether your reimbursement is affected by the ransomware attack on UnitedHealth Group’s Change Healthcare division or not, you should be paying attention to the chaos-inducing event. Following pressure from the American Hospital Association, American Medical Association, politicians, and others, the Department of Health and Human Services has issued a statement about the attack claimed by Russian hacking group BlackCat. “HHS recognizes the impact this attack has had on health care operations across the country. HHS’ first priority is to help coordinate efforts to avoid disruptions to care throughout the health care system,” the agency says in a March 5 release. “HHS has made clear its expectation that UHG does everything in its power to ensure continuity of operations for all health care providers impacted,” the agency continues. “HHS is also leading interagency coordination of the Federal government’s related activities, including working closely with the Federal Bureau of Investigations (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the White House, and other agencies to provide credible, actionable threat intelligence to industry wherever possible.” HHS says it has heard providers’ worries about “potential cash flow concerns” and outlines steps the Centers for Medicare & Medicaid Services is taking to help them, including: HHS also urges providers to take advantage of “accelerated payments, like those issued during the COVID-19 pandemic” available from other payers. But the notice seems to indicate that only hospitals will be able to access Medicare accelerated payments in relation to the attack. The agency’s statement “gives the appearance that HHS would prefer not to be in the role of providing financial assistance for cash flow if it can avoid it,” notes trade group LeadingAge. Do this: In light of the information, “providers should reach out to the managed care plans they work with to see if they are offering advance funding to assist with cash flow or waiving certain prior authorization or timely filing requirements due to the cyberattack,” LeadingAge recommends on its website. Providers also need to watch out for related scams that may target their patients. For example, in Nebraska, scammers are calling hospital patients and claiming they can get refunds from the facility if they hand over their credit card information. Never give such information out to an unsolicited caller, the Nebraska Hospital Association stresses. “Nebraskans need to be vigilant for both them and their family members,” the trade group says. Watch For Forthcoming Regs From DOJ Meanwhile, the attack should serve as a stark reminder to commit to your cybersecurity efforts. UnitedHealth has reportedly paid a $22 million bitcoin ransom and it has still not resolved the problem, according to press reports. “Double down on cybersecurity, with urgency,” HHS exhorts in its release. The Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, and HHS have released an update to the joint advisory “#StopRansomware: ALPHV Blackcat” issued in December. It provides new tactics, techniques, and procedures (TTPs) associated with the ALPHV Blackcat ransomware as a service (RaaS), among other items. “ALPHV Blackcat affiliates have been observed primarily targeting the healthcare sector,” HHS Administration for Strategic Preparedness and Response says in a release. The nine-page joint advisory is at https://aspr.hhs.gov/cyber/Documents/stopransomware-508.pdf. Plus: On Feb. 28, President Biden issued an executive order to protect sensitive personal data from exploitation by “countries of concern,” note Stephanie Kennan, Gina Sherick, and Gabriel Wiedenhoever with McGuireWoods Consulting. “The order calls for actions that will likely lead to the development of regulations to shift how domestic health companies and insurers store and transmit data,” Kennan, Sherick, and Wiedenhoever highlight in a post to the consulting firm’s website. Keep an eye out for the Department of Justice to issue proposed regulations on the issue, the McGuireWoods consultants say.