On this picture illustration, the UnitedHealth Group emblem is displayed on a pill.
Igor Golovniov | Sopa Photos | Lightrocket | Getty Photos
The U.S. Division of Well being and Human Companies has launched an investigation into UnitedHealth Group following the cyberattack on its Change Healthcare unit that has disrupted essential operations in pharmacies and hospitals throughout the U.S.
The HHS Workplace for Civil Rights mentioned in a press release Wednesday that it is investigating the incident as a result of “unprecedented magnitude of the cyberattack.” The OCR enforces the Well being Insurance coverage Portability and Accountability Act’s safety, privateness and breach notification guidelines, which most well being plans, suppliers and clearinghouses akin to Change Healthcare are required to comply with to guard well being data.
“OCR’s investigation of Change Healthcare and UHG will deal with whether or not a breach of protected well being data occurred and Change Healthcare’s and UHG’s compliance with the HIPAA Guidelines,” the division mentioned.
Change Healthcare gives digital prescription software program and instruments for fee and income cycle administration. Mum or dad firm UnitedHealth found {that a} cyber menace actor breached a part of the unit’s data expertise community on Feb. 21, in line with a submitting with the U.S. Securities and Change Fee.
UnitedHealth instructed CNBC in a press release that it’ll cooperate with the investigation from the OCR.
“Our quick focus is to revive our programs, shield knowledge and assist these whose knowledge might have been impacted,” the corporate mentioned. “We’re working with legislation enforcement to research the extent of impacted knowledge.”
UnitedHealth took the affected programs offline after figuring out the menace, in line with the SEC submitting. The corporate mentioned on Thursday that it expects to revive its networks by mid-March. As of Friday, UnitedHealth mentioned digital prescribing is “totally useful,” and it expects digital fee performance to be out there beginning March 15. The corporate will “start testing” to reestablish connectivity to its claims community on March 18.
In late February, Change Healthcare mentioned that ransomware group Blackcat was behind the assault. Blackcat, additionally known as Noberus and ALPHV, steals delicate knowledge from establishments and threatens to publish it except a ransom is paid, in line with a December launch from the Division of Justice.
UnitedHealth has not disclosed what particular knowledge was compromised within the assault, or if it has agreed to pay a ransom to convey programs again on-line.
