In this photo illustration, the UnitedHealth Group logo is displayed on a tablet.
Igor Golovniov | Sopa Images | Light Rocket | Getty Images
The U.S. Department of Health and Human Services has Investigate Enter UnitedHealth Group Its Change Healthcare unit suffered a cyberattack that disrupted critical operations at pharmacies and hospitals across the United States
The U.S. Department of Health and Human Services Office for Civil Rights said in a statement statement on wednesday It is investigating the incident due to the “unprecedented scale of the cyber attack”. OCR enforces the Health Insurance Portability and Accountability Act’s security, privacy, and breach notification rules that most health plans, providers, and clearinghouses (such as Change Healthcare) are required to comply with to protect health information.
“OCR’s investigation of Change Healthcare and UHG will focus on whether a protected health information violation occurred and whether Change Healthcare and UHG complied with HIPAA rules,” the department said.
Change Healthcare provides e-prescribing software and tools for payment and revenue cycle management. According to parent company UnitedHealth, a cyber threat actor compromised part of the department’s information technology network on February 21. a filing and the U.S. Securities and Exchange Commission.
UnitedHealth told CNBC in a statement that it will cooperate with OCR’s investigation.
“Our current focus is on restoring our systems, protecting data and supporting those whose data may have been affected,” the company said. “We are working with law enforcement to investigate the extent of the affected data.”
UnitedHealth shut down affected systems after discovering the threat, according to SEC filings. The company said on Thursday it expected to restore the network in mid-March. As of Friday, UnitedHealth said e-prescribing was “fully functional” and it expected electronic payment capabilities would be available starting March 15. The company will “begin testing” on March 18 to re-establish connectivity to its claims network.
In late February, Change Healthcare said the ransomware group Blackcat was behind the attack. Blackcat, also known as Noberus and ALPHV, steals sensitive data from organizations and threatens to make it public unless a ransom is paid. Released in December From the Department of Justice.
UnitedHealth has not disclosed what specific data was compromised in the attack or whether it agreed to pay a ransom to bring the system back online.