U.S. Senators Maggie Hassan and Marsha Blackburn have called on UnitedHealth Group CEO Andrew Witty to take immediate action in informing patients, providers, and regulators about a significant data breach that occurred in February 2024. This ransomware attack targeted Change Healthcare, a subsidiary of UnitedHealth Group, and has potentially exposed the protected health and personal information of millions of Americans. The Senators argue that UnitedHealth Group is currently in violation of the Health Information Portability and Accountability Act (HIPAA), which mandates that covered entities notify affected individuals within 60 days of discovering a data breach.
The Senators have criticized UnitedHealth Group for failing to promptly disclose the breach’s details, leaving many patients and healthcare providers unaware of the extent of the data exposure. They emphasize the urgency of the situation and the need for UnitedHealth Group to take full responsibility for breach notifications. The Senators have requested that UnitedHealth Group send notifications to the Office for Civil Rights (OCR), state regulators, Congress, the media, and healthcare providers by June 21, 2024, to inform all affected parties about the breach.
Senator Hassan, in particular, has been proactive in addressing the fallout from the cyberattack. She has urged UnitedHealth Group to provide comprehensive identity monitoring for affected individuals and criticized the company’s initial response as inadequate. Additionally, Senator Hassan has discussed the issue with President Biden and Health and Human Services Secretary Xavier Becerra, and has secured improvements to UnitedHealth Group’s financial assistance program for impacted healthcare providers.
As the situation unfolds, Senator Hassan continues to work closely with UnitedHealth Group to ensure that they meet their commitments and properly assist affected hospitals and doctors. Her efforts have led to significant updates in the company’s financial assistance program, providing much-needed support to healthcare providers hit hard by the cyberattack.
Reference:
