Change Healthcare Cyberattack: What Social Workers Should Know

Mar 27, 2024

By Denise Johnson, LCSW-C
NASW Senior Practice Associate

In February 2024, a major healthcare cybersecurity attack occurred, affecting many patients and providers including clinical social workers (CSWs). The attack targeted UnitedHealth Group’s subsidiary Change Healthcare, a technology clearinghouse that manages billing and administrative tasks for healthcare organizations.

The attack, known as ransomware, involved hackers gaining access to healthcare payment systems, encrypting files, and demanding payment in exchange for a decryption key. As a result, Change Healthcare became temporarily paralyzed, causing payment disruptions and delays in patient care. The attack on Change Healthcare affected multiple healthcare organizations, leading to concerns about the security of sensitive patient data. In response, Change Healthcare shut down their systems and launched an investigation to determine the extent of the attack and any potential data breaches. Change Healthcare provides status updates on the cyberattack.

Experts recommend that individuals who may have been affected by the attack closely monitor their health records and credit reports for any suspicious activity. Healthcare organizations are also reviewing their security measures and implementing additional precautions to prevent future attacks.[1]

The Centers for Medicare & Medicaid Services (CMS) issued a statement and is actively monitoring the impact of the cyberattack on Change Healthcare and how it affects various providers and suppliers. CMS has announced that it is considering applications for advance payments for Part B providers and suppliers due to the cyberattack.

CMS is also working with health plans, providers, and suppliers to address their concerns and is expediting necessary actions for changes to the clearinghouse that providers use and paper claims processing. CMS is also urging Medicaid plans to make prospective payments to those affected. Medicare Administrative Contractors (MACs) are providing public instructions on how to request for a Medicare accelerated or advance payment.

The cyberattack serves as a reminder for healthcare organizations and CSWs to regularly update and strengthen their security protocols to protect against potential attacks. NASW has developed a uniform set of technology standards to guide social workers in their practice. CSWs can also visit the Healthcare and Public Health Cybersecurity Performance Goals for more information on ways to stay protected.

NASW will monitor this situation for future changes. Questions may be directed to


[1] Smith-Schoenwalder, C. (2024) EXPLAINER: What to Know About the Change Healthcare Cyberattack, Available at: 12 March 2024).

NASW Advocacy Day on Capitol Hill 2024

NASW Advocacy Day on Capitol Hill 2024

  By Rachel Boyer, MSW, LMSW Ahead of the 2024 NASW National Conference, more than 200 social workers from 36 states and one U.S. Territory attended 172 meetings with Congressional offices in both the U.S. House and Senate on June 18, 2024. The purpose of these...