You are using a browser we no longer support. Current functionality may be reduced and some features may not work properly. For a more optimal geha.com experience, please click here for a list of supported browsers.

Information: Update on Change Healthcare

As of August 16, 2024

Claims and payment processing
On February 21, 2024, Change Healthcare (CHC) took some of their services offline in response to a cybersecurity attack. CHC, which UnitedHealthcare owns through its Optum subsidiary, had impacts to their systems and services after the cyberattack in February. The incident led to outages in these services for payers, providers and other parts of the U.S. health care system, including GEHA. GEHA works with CHC to provide several services to our members and providers, including payment processing, explanation of benefit (EOB) distribution and mail services.

This disruption interrupted claims processing, payment processing and our ability to process EOBs. To safeguard member and provider data, GEHA shifted to an alternate method for processing these items. During this transition, there was a delay in sending claims payments and information, as well as EOBs. This has now been resolved.

EOB/EOP update
Your payment information is available on geha.com when you login to your secure portal. Printed EOBs are being mailed and EOBs and Explanation of Payment (EOP) statements are also available online. We thank you for your patience while these services were temporarily unavailable.

Additional info

You may have received, or may in the future receive, a generic notification letter from CHC about this event. Receipt of the letter is not indicative that your data was breached. The notification is a generic letter that is being sent to all individuals that are currently doing business with, or have previously done business with, a customer of CHC. Customers of CHC include providers, health insurance companies, and other health care companies.

As of Aug. 16, 2024, we are unaware of any impact to our members or providers data as a result of their immediate relationship with GEHA.

It is important to note that providers, labs, pharmacies or other elements of the health care ecosystem you use may have contracts with CHC that are impacted by the CHC event, which could result in receiving letters regarding this incident.

UnitedHealth Group, the parent company of CHC, is offering no-cost credit monitoring to anyone who has concerns they may have been impacted. Please see information in Member FAQs below for details. For additional information on the CHC cyberattack, visit changehealthcare.com.

We are aware some members are receiving generic letters from CHC indicating they may have data impacted by the CHC cyberattack that occurred in February 2024. At this point GEHA has no knowledge of member data being compromised. It is important to note that providers, labs, pharmacies or other elements of the health care ecosystem that are used by GEHA members may have contracts with CHC that are impacted by the CHC event, which could result in those members receiving letters regarding this incident.

UnitedHealth Group, the parent company of CHC, is offering no-cost credit monitoring to anyone who may have been impacted. For additional information on the CHC cyberattack, visit changehealthcare.com.

No. This outage does not impact your access to providers. There was an interruption in prescription services from Optum immediately after the outage occurred in February 2024, but that was resolved quickly. Please continue to get needed health care services while the back-office administrative issue is being resolved.

GEHA members have been unable to access Explanation of Benefits (EOBs) online until June. However, we resumed mailing EOBs in May, and digital EOBs are available from February 20 to present as of June 14 via your secure member portal on geha.com. There may also be a delay in claims processing for payments to health care providers or to members who paid out-of-pocket.

No. GEHA's internal technology and systems were not directly impacted by the cyberattack on Change Healthcare.

No action is needed from members.

The cyberattack on Change Healthcare took place February 21, 2024. The effects of this event are still impacting the broader U.S. health care industry.

All outstanding payments for claims received were processed as of May 23, 2024.

All outstanding payments for claims received to date were processed as of May 23, 2024, and GEHA has resumed normal claims processing. You should be able to view your deductible balance through your secure member portal, and digital EOBs for claims received after February 20 are now available. Printed EOBs resumed being mailed in May.

The CHC cyberattack affected GEHA's ability to view member EOBs, and our Customer Care associates have not had access to all documents. Access to EOBs resumed in May with all EOBs being mailed. Digital access to EOBs for claims dated February 20 or after resumed as of June 14 via your secure member portal on geha.com. All EOBs have been processed in chronological order beginning from the last days of claims processing on February 20, 2024.

While the formatting of your EOB may be an unexpected difference, the information is factually accurate. Our focus is to ensure continuity of care and ongoing access to your health care, to ensure no delays. For the time being, printed EOBs are being sent to all members. Digital EOBs are now available again via your secure member portal, effective June 14.

Some members may receive an increased volume of mailings from GEHA. Due to the cyberattack on CHC in February, many of our normal letter processes were interrupted. These have now resumed and providers and members are starting to receive the backlog of letters that were interrupted from February to June 2024. Some of these letters are needed for documentation to process out-of-network claims and other issues. Per regulation from OPM, GEHA is obligated to mail these items. In some cases, catching up on the backlog has resulted in a higher concentration of letters than is typical. We apologize for any inconvenience this may cause.

To date, GEHA has no evidence that member data was compromised as a result of this incident. Additionally, GEHA is proactively monitoring the situation. The security of our members' data and personal health information is of utmost importance to us. We have proactively implemented a robust monitoring process. Our team of cybersecurity experts are constantly assessing if our member data has been impacted.

At this time we have no evidence that GEHA member data has been compromised in this incident. UnitedHealth Group, which owns Optum and CHC, has established a dedicated website for potentially impacted individuals at changecybersupport.com. GEHA members can visit this website to get more information and details on resources that UnitedHealth Group is offering in response to this incident. UnitedHealth Group has established a dedicated call center to offer free credit monitoring and identity theft protections for two years to anyone impacted. The call center will also include trained clinicians to provide support services. UnitedHealth Group has indicated on April 22, 2024, that, given the ongoing nature and complexity of the data review, it may take several months for them to identify and notify impacted individuals. The call center will not be able to provide any specifics on individual data impact until that time.

UnitedHealth Group's call center can be reached at 866.262.5342 and further details can be found on the website.

We are aware some providers and members are receiving generic letters from CHC indicating they may have data impacted by the CHC cyberattack that occurred in February 2024. At this point GEHA has no knowledge of member data being compromised. It is important to note that providers, labs, pharmacies, or other elements of the health care ecosystem that are used by GEHA members may have contracts with CHC that are impacted by the CHC event, which could result in those members receiving letters regarding this incident.

UnitedHealth Group, the parent company of CHC, is offering no-cost credit monitoring to anyone who may have been impacted. For additional information on the CHC cyberattack, visit changehealthcare.com.

Yes. Based on the services Change Healthcare provides to GEHA, GEHA is experiencing disruptions to things like member and provider letter print and mail services, Explanation of Benefit (EOB) retrieval and payment processing for dental providers, out of network medical providers and members. At this time GEHA has no evidence that member data has been compromised.

No. GEHA's internal technology and systems were not directly impacted by the cyberattack on Change Healthcare.

It isn't necessary for providers to contact GEHA. GEHA has implemented an alternate method to restore both provider and member payment processing and access to impacted member and provider documents. Payment processing was accelerated in May and completed for claims received to date on May 23, 2024. GEHA will proactively communicate with providers and members on updates, including any actions providers or members should take. Please monitor this webpage for updates. Notification of e-payments will be normal confirmation and more information on payment method is available in your provider portal. Your form of payment will be the same as previously elected.

All outstanding payments for claims received after February 20 were processed as of May 23, 2024, and GEHA has resumed normal claims processing. You should be able to view processed payments through your secure provider portal, and digital EOB access resumed June 14 via your secure portal on geha.com.

GEHA is not paying interest per OPM and GEHA contracts. This was an industry-wide event.

We have our normal provider dispute process where you can write in to appeal a claim. Currently the time frame for claims dispute is six months from the original date of the claim. Claim disputes must be received in writing.

If nothing has changed on your end, we do not need updated info. Please see your Provider Portal for contact information if you need to enroll or update your VCC/ACH payment information to our payment processing system.

As part of GEHA's recovery efforts, we are working to remediate outstanding payments issued by VCC that are now expired. These are payments issued prior to the cyber-event at Change Healthcare. At this time, we are unable to provide a specific date for the release, however, rest assured that our teams continue to work towards this final step in our recovery process. There is no further action needed from you at this time for payment reissue. We sincerely apologize for the extended delay and inconvenience.

We have identified an issue where the "other plan payment" amount on some EOBs is incorrect. However, please be assured the actual payment from GEHA is correct and has been processed accurately. We are working on getting this corrected so that that future EOBs will reflect the correct "other plan payment" amount. If you notice other inconsistencies, please inform GEHA.

GEHA commenced EOB processing and payments on out-of-network provider claims to members on April 29, 2024, and the backlog was completed on May 23, 2024.

Due to the cyberattack on CHC in February, many of our normal letter processes were interrupted. These have now resumed and providers and members are starting to receive the backlog of letters that were interrupted from February to June 2024. Some of these letters are needed for documentation to process out-of-network claims and other issues. In some cases, catching up on the backlog has resulted in a higher concentration of letters than is typical. We apologize for any inconvenience this may cause.

Connection Dental Providers who work with payors other than GEHA should contact those payors directly to inquire about the status of payments. Additional information, if provided, can be found on the payor tab at connectiondental.com.

United Health Group has also provided access to the following information and resources:

UHG Cyber Event Information: Information on the Change Healthcare Cyber Response — UnitedHealth Group