The UnitedHealth Group is facing a potential data breach following a cyberattack on its Change Healthcare IT services unit, although the group has not yet confirmed the breach. The Department of Health and Human Services’ Office for Civil Rights has initiated a comprehensive investigation into the incident, expressing concerns over the potential compromise of protected health information impacting millions of individuals.
The cyberattack has disrupted healthcare and billing operations nationwide, posing a significant threat to patient care and essential healthcare industry functions. The investigation will focus on determining whether a breach of protected health information occurred and assessing the compliance of Change Healthcare and UnitedHealth Group with HIPAA Rules.
While UnitedHealth Group’s privacy office and security teams are actively working to assess the impact of the attack on members, patients, and customers, the extent of the data compromise remains uncertain. The attack has affected over 100 Change Healthcare IT services and products, prompting efforts to restore functionality and contain the incident.
Government officials, including HHS Secretary Xavier Becerra and Department of Labor Acting Secretary Julie Su, are urging the healthcare sector and private industry to address the cybersecurity threat promptly. They emphasize the importance of mitigating the impact on patients and providers, calling for additional actions to ensure the continued delivery of care and financial support for affected healthcare providers.
