Federal Agency Initiates Probe into UnitedHealth Group and Change Healthcare Cyber Attacks

Federal Agency Initiates Probe into UnitedHealth Group | CyberPro Magazine

UnitedHealth Group and its subsidiary Change Healthcare find themselves under scrutiny as a federal agency launches an investigation into last month’s cyber attacks, raising concerns about potential breaches of patient data. Described by the Department of Health and Human Services’ Office for Civil Rights as an “unprecedented” assault on the U.S. healthcare system, the probe aims to ascertain whether protected health information was compromised and assess the companies’ adherence to health privacy laws.

In an uncommon move, the Department opted to publicize its letter announcing the investigation, signaling a concerted effort to underscore the gravity of the situation. Steve Cagle, CEO of Clearwater, a healthcare cybersecurity consultant, emphasized the significance of this step, indicating the Department’s earnestness in addressing the matter urgently.

Legal Ramifications and Industry Response

The announcement from the Office for Civil Rights serves as a stark reminder to all entities associated with Change or UnitedHealth Group to promptly report any potential breaches in compliance with health privacy regulations. Simultaneously, the fallout from the cyber attacks manifests in at least six class action lawsuits, according to Reuters, with allegations primarily targeting Change Healthcare’s purported failure to implement adequate security measures.

One such lawsuit, spearheaded by Gibbs Law Group, accuses Change Healthcare of neglecting “reasonable security measures” to safeguard the sensitive health and personal information of millions of Americans. The breach is framed as a significant setback for the U.S. healthcare system, amplifying concerns surrounding data security and privacy within the industry.

Presidential Pressure and Calls for Remedial Action

Against the backdrop of escalating legal challenges and regulatory scrutiny, the investigation unfolds amidst a backdrop of heightened urgency. Reports emerged that UnitedHealth Group CEO Andrew Witty was summoned to the White House by Biden Administration officials, urging decisive action to rectify the lingering disruptions stemming from the cyber attacks. Sources cited by the Washington Post reveal an environment of heightened concern, with officials pressing for swift resolutions to mitigate the enduring impact on the healthcare system.

As the investigation progresses, stakeholders across the healthcare landscape brace for potential ramifications while advocating for comprehensive measures to fortify cybersecurity protocols and safeguard patient data from future breaches. The outcome of the probe holds significant implications not only for UnitedHealth Group and Change Healthcare but also for the broader healthcare sector grappling with evolving cyber threats.

Also Read: Navigating Privacy and Cybersecurity in Healthcare: Insights from ‘Let’s Talk Compliance’ Series