The U.S. Division of Well being and Human Providers is investigating whether or not protected well being info was stolen in a ransomware assault that hit UnitedHealthcare Group (UHG) subsidiary Optum, which operates the Change Healthcare platform, in late February.
This investigation is coordinated by HHS’ Office for Civil Rights (OCR), which enforces the Well being Insurance coverage Portability and Accountability Act (HIPAA) guidelines that defend sufferers’ well being info from being disclosed with out their data or consent.
UnitedHealth Group confirmed in late February that Change Healthcare programs and providers have been shut down after a cyberattack by “nation-state” hackers, which was later linked to the BlackCat (ALPHV) ransomware gang.
Change Healthcare is the biggest cost alternate platform utilized by medical doctors, healthcare suppliers, and sufferers within the U.S. healthcare system and by greater than 70,000 pharmacies, whereas UHG has contracts with over 1.6 million well being professionals and eight,000 healthcare services throughout all 50 U.S. states.
“We can’t say this extra clearly – the Change Healthcare cyberattack is essentially the most vital and consequential incident of its sort in opposition to the U.S. well being care system in historical past,” said Rick Pollack, the President and CEO of the American Hospital Affiliation, final week.
“For almost two weeks, this assault has made it more durable for hospitals to offer affected person care, fill prescriptions, submit insurance coverage claims, and obtain cost for the important well being care providers they supply.”
Though UHG has introduced some of the impacted systems back online after the crippling February ransomware assault, the ensuing outage continues to be impacting operations throughout the U.S. healthcare trade, with the corporate estimating that it is going to be capable of revive its funds platform on March 15 and medical claims community and software program on March 18.
“Given the unprecedented magnitude of this cyberattack, and in the most effective curiosity of sufferers and well being care suppliers, OCR is initiating an investigation into this incident,” said OCR head Melanie Fontes Rainer.
“OCR’s investigation of Change Healthcare and UHG will give attention to whether or not a breach of protected well being info occurred and Change Healthcare’s and UHG’s compliance with the HIPAA Guidelines.”
Claims of 6TB information theft
The investigation follows the BlackCat ransomware gang’s claims that they stole 6TB of data from Change Healthcare’s network belonging to “1000’s of healthcare suppliers, insurance coverage suppliers, pharmacies, and many others.”
They stated they stole supply code for Change Healthcare options and delicate info from many companions, together with the U.S. army’s Tricare healthcare program, the Medicare federal medical health insurance program, CVS Caremark, MetLife, Well being Web, and lots of different healthcare insurance coverage suppliers.
Delicate information stolen from Change Healthcare’s compromised programs allegedly contains info on thousands and thousands of individuals, reminiscent of PII information, medical information, insurance coverage information, dental information, cost info, claims info, and PII information of energetic U.S. army/navy personnel.
Earlier this month, BlackCat ransomware shut down in an exit scam amidst claims that they stole the $22 million ransom paid by Optum to the operator behind the Change Healthcare assault.
This would not be uncommon since BlackCat is believed to be a rebrand of the DarkSide and BlackMatter ransomware operations, with the previous additionally shutting down after their attack on Colonial Pipeline in Might 2021.
Nevertheless, the ransomware affiliate behind the assault claims that they nonetheless have Change Healthcare’s stolen information, indicating they might try and extort the corporate once more.
The FBI says this ransomware gang raked in at least $300 million in ransoms from over 1,000 victims till September 2023, whereas the U.S. State Division now provides up to $15 million for suggestions that would assist find BlackCat gang leaders and anybody linked to the group’s assaults.
“Ransomware and hacking are the first cyber-threats in well being care. Over the previous 5 years, there was a 256% enhance in giant breaches reported to OCR involving hacking and a 264% enhance in ransomware,” HHS added today.
“In 2023, hacking accounted for 79% of the big breaches reported to OCR. The big breaches reported in 2023 affected over 134 million people, a 141% enhance from 2022.”
