On this photo illustration, the UnitedHealth Group logo is displayed on a tablet.
Igor Golovniov | Sopa Images | Lightrocket | Getty Images
The U.S. Department of Health and Human Services has launched an investigation into UnitedHealth Group following the cyberattack on its Change Healthcare unit that has disrupted crucial operations in pharmacies and hospitals across the U.S.
The HHS Office for Civil Rights said in a statement Wednesday that it’s investigating the incident attributable to the “unprecedented magnitude of the cyberattack.” The OCR enforces the Health Insurance Portability and Accountability Act’s security, privacy and breach notification rules, which most health plans, providers and clearinghouses comparable to Change Healthcare are required to follow to guard health information.
“OCR’s investigation of Change Healthcare and UHG will concentrate on whether a breach of protected health information occurred and Change Healthcare’s and UHG’s compliance with the HIPAA Rules,” the department said.
Change Healthcare offers electronic prescription software and tools for payment and revenue cycle management. Parent company UnitedHealth discovered that a cyber threat actor breached a part of the unit’s information technology network on Feb. 21, based on a filing with the U.S. Securities and Exchange Commission.
UnitedHealth told CNBC in an announcement that it’s going to cooperate with the investigation from the OCR.
“Our immediate focus is to revive our systems, protect data and support those whose data can have been impacted,” the corporate said. “We’re working with law enforcement to analyze the extent of impacted data.”
UnitedHealth took the affected systems offline after identifying the threat, based on the SEC filing. The corporate said on Thursday that it expects to revive its networks by mid-March. As of Friday, UnitedHealth said electronic prescribing is “fully functional,” and it expects electronic payment functionality to be available starting March 15. The corporate will “begin testing” to reestablish connectivity to its claims network on March 18.
In late February, Change Healthcare said that ransomware group Blackcat was behind the attack. Blackcat, also called Noberus and ALPHV, steals sensitive data from institutions and threatens to publish it unless a ransom is paid, based on a December release from the Department of Justice.Â
UnitedHealth has not disclosed what specific data was compromised within the attack, or if it has agreed to pay a ransom to bring systems back online.
