In this photo, the UnitedHealth Group logo is displayed on a tablet.
Igor Golovniov | Sopa Images | Light racket | Getty Images
The U.S. Department of Health and Human Services did initiated an investigation following a cyber attack on Change Healthcare that disrupted key operations at pharmacies and hospitals across the United States
The HHS Office for Civil Rights stated in Art statement on Wednesday that it is investigating the incident attributable to the “unprecedented scale of the cyberattack.” The OCR Act enforces the security, privacy and breach notification rules of the Health Insurance Portability and Accountability Act that the majority health plans, providers and clearinghouses, similar to Change Healthcare, are required to follow to guard health information.
“OCR’s investigation of Change Healthcare and UHG will focus on whether a breach of protected health information occurred and Change Healthcare’s and UHG’s compliance with HIPAA regulations,” the department said.
Change Healthcare offers electronic prescription software and payment and revenue cycle management tools. According to the parent company UnitedHealth, on February 21, a cybercriminal broke into a part of the unit’s IT network. registration with the US Securities and Exchange Commission.
UnitedHealth told CNBC in an announcement that it would cooperate with OCR’s investigation.
“Our immediate goal is to restore our systems, protect data and support those whose data may have been compromised,” the company said. “We are working with law enforcement to investigate the extent of the data involved.”
SEC filings show that UnitedHealth shut down affected systems after identifying the threat. On Thursday, the company said it expected the network to be restored by mid-March. On Friday, UnitedHealth said electronic prescribing is “fully functional” and expects the electronic payment feature to be available by March 15. The company will “begin testing” to revive connectivity to its claims network on March 18.
In late February, Change Healthcare reported that the Blackcat ransomware group was behind the attack. Blackcat, also called Noberus and ALPHV, steals sensitive institutional data and threatens to publish it unless ransom is paid, study finds December issue from the Department of Justice.
UnitedHealth didn’t disclose what specific data was compromised in the attack or whether it agreed to pay a ransom to bring its systems back online.