Zing Health Remains Committed to Delivering High-Quality Care Despite Operational Setbacks and Challenges from Vendor Cybersecurity Event
Zing Health has long been dedicated to providing the highest quality healthcare services to its members, with a particular focus on individuals with chronic and special healthcare needs. The company has consistently prioritized improving healthcare outcomes, reducing disparities, and ensuring equitable access to care for historically underserved populations. This commitment is central to Zing Health’s mission and informs every aspect of its operations, from patient care management to claims processing and administrative support.
However, in February 2024, Zing Health faced an unprecedented challenge that temporarily disrupted its operations and impacted its ability to fully deliver the level of service members expect and deserve. Change Health Care (CHC), a critical vendor supporting Zing Health’s operations, experienced a severe cybersecurity ransomware event. This event led CHC and/or its parent company, Optum, to make the decision on February 21, 2024, to permanently shut down CHC’s operations. The abrupt closure of CHC had a material effect on Zing Health, as CHC’s systems and services were integral to Zing’s ability to manage member care effectively and process claims in a timely manner.
Zing Health had relied on CHC for various operational functions that are crucial to daily healthcare management. These included claims processing, care coordination, and data management systems necessary for timely decision-making and patient support. The failure of CHC to restore these services following the ransomware attack directly disrupted Zing Health’s operational capabilities. Despite Zing’s best efforts to mitigate the situation and implement contingency measures, the shutdown created unavoidable delays and challenges in providing seamless care for members.
Immediately following the CHC shutdown, Zing Health mobilized its teams to address the operational disruptions. The company prioritized minimizing the impact on members, focusing on continuity of care for individuals with complex medical needs. Temporary processes were implemented to handle claims and ensure that essential member services continued without interruption. Zing Health’s staff worked tirelessly under challenging circumstances, coordinating with multiple stakeholders, vendors, and healthcare providers to maintain access to critical services. The company also communicated proactively with members to keep them informed about potential delays in claims processing and care coordination.
Despite these efforts, the disruption had downstream effects on Zing Health’s performance metrics, particularly those measured by the Centers for Medicare & Medicaid Services (CMS). CMS uses a Star Rating program to evaluate the quality of health and drug services provided by Medicare Advantage (MA) and Prescription Drug Plans (PDPs, also referred to as Part D plans). These ratings are based on a variety of factors, including clinical outcomes, patient satisfaction, operational efficiency, and adherence to care standards. Star Ratings are highly influential, impacting not only public perception but also plan eligibility for quality bonus payments and other incentives.
The operational setbacks caused by the CHC cybersecurity incident directly affected Zing Health’s ability to achieve its expected Star Rating for the 2026 plan period, which reflects performance in calendar year 2024. Although Zing Health took immediate and decisive action to limit the disruption, the severity of the impact and the inability of CHC to restore services in a timely manner prevented the company from fully meeting the standards required for higher Star Ratings.
For context, Zing Health’s H4624 contract achieved a 3.5 Star Rating for the 2025 plan year, reflecting the company’s commitment to quality and consistent improvements in healthcare delivery. However, the operational disruptions stemming from the CHC incident have caused the projected Star Rating for the 2026 plan year to drop to 2.5 stars. It is important to note that this decline is not indicative of a reduction in Zing Health’s commitment to quality care or a failure of the company’s internal programs. Rather, it reflects the external and unforeseen impact of a vendor shutdown beyond Zing Health’s control. Had the CHC cybersecurity incident not occurred, Zing Health fully expected to maintain or even improve its Star Rating for 2026, based on tangible improvements in care coordination, chronic condition management, and member support initiatives.
Zing Health has made significant progress over the past several years in improving clinical outcomes and member satisfaction. The company has invested in advanced care management programs, telehealth initiatives, and data-driven interventions aimed at reducing healthcare disparities and addressing the needs of vulnerable populations. These efforts have resulted in measurable improvements in patient outcomes, including better management of chronic conditions, higher rates of preventive screenings, and increased adherence to treatment plans. Unfortunately, the CHC cybersecurity incident temporarily disrupted these operational gains, delaying the full realization of their benefits in the Star Rating system for 2026.
It is critical to understand that Zing Health’s operational setback was caused by external factors, not by deficiencies in its internal processes or care programs. The CHC shutdown prevented access to essential claims processing systems, leading to delays in member reimbursements and administrative reporting. These delays, in turn, impacted the company’s ability to demonstrate timely care management and operational efficiency in CMS assessments, which are core components of the Star Rating calculation. Despite these obstacles, Zing Health maintained its commitment to members and continued to deliver necessary healthcare services, demonstrating resilience and adaptability in the face of unprecedented challenges.
