On this picture illustration, the UnitedHealth Group emblem is displayed on a pill.
Igor Golovniov | Sopa Pictures | Lightrocket | Getty Pictures
The U.S. Division of Well being and Human Providers has launched an investigation into UnitedHealth Group following the cyberattack on its Change Healthcare unit that has disrupted essential operations in pharmacies and hospitals throughout the U.S.
The HHS Workplace for Civil Rights mentioned in a assertion Wednesday that it is investigating the incident because of the “unprecedented magnitude of the cyberattack.” The OCR enforces the Well being Insurance coverage Portability and Accountability Act’s safety, privateness and breach notification guidelines, which most well being plans, suppliers and clearinghouses resembling Change Healthcare are required to observe to guard well being data.
“OCR’s investigation of Change Healthcare and UHG will deal with whether or not a breach of protected well being data occurred and Change Healthcare’s and UHG’s compliance with the HIPAA Guidelines,” the division mentioned.
Change Healthcare gives digital prescription software program and instruments for cost and income cycle administration. Mother or father firm UnitedHealth found {that a} cyber menace actor breached a part of the unit’s data know-how community on Feb. 21, in keeping with a submitting with the U.S. Securities and Change Fee.
UnitedHealth informed CNBC in a press release that it’s going to cooperate with the investigation from the OCR.
“Our quick focus is to revive our methods, shield knowledge and assist these whose knowledge could have been impacted,” the corporate mentioned. “We’re working with legislation enforcement to research the extent of impacted knowledge.”
UnitedHealth took the affected methods offline after figuring out the menace, in keeping with the SEC submitting. The corporate mentioned on Thursday that it expects to revive its networks by mid-March. As of Friday, UnitedHealth mentioned digital prescribing is “absolutely purposeful,” and it expects digital cost performance to be out there beginning March 15. The corporate will “start testing” to reestablish connectivity to its claims community on March 18.
In late February, Change Healthcare mentioned that ransomware group Blackcat was behind the assault. Blackcat, additionally known as Noberus and ALPHV, steals delicate knowledge from establishments and threatens to publish it except a ransom is paid, in keeping with a December launch from the Division of Justice.
UnitedHealth has not disclosed what particular knowledge was compromised within the assault, or if it has agreed to pay a ransom to deliver methods again on-line.
