Biden administration investigates Change Healthcare cyberattack


In this photo illustration the UnitedHealth Group logo is seen displayed on a tablet.

Igor Golovniov | soup images | Light rocket | fake images

The U.S. Department of Health and Human Services has launched an investigation into UnitedHealth Group following the cyberattack on its Change Healthcare unit that has disrupted crucial operations at pharmacies and hospitals across the US.

The HHS Office for Civil Rights said in a statement Wednesday that it is investigating the incident due to the “unprecedented magnitude of the cyberattack.” OCR enforces the Health Insurance Portability and Accountability Act's security, privacy, and breach reporting rules, which most health plans, providers, and clearinghouses, like Change Healthcare, must follow to protect information. of health.

“OCR's investigation into Change Healthcare and UHG will focus on whether a breach of protected health information occurred and Change Healthcare's and UHG's compliance with HIPAA regulations,” the department said.

Change Healthcare offers electronic prescribing software and tools for payment and revenue cycle management. Parent company UnitedHealth discovered that a cyber threat actor breached part of the unit's information technology network on Feb. 21, according to a filing with the U.S. Securities and Exchange Commission.

UnitedHealth told CNBC in a statement that it will cooperate with the OCR investigation.

“Our immediate goal is to restore our systems, protect data, and support those whose data may have been affected,” the company said. “We are working with authorities to investigate the extent of the data affected.”

UnitedHealth took the affected systems offline after identifying the threat, according to the SEC filing. The company said Thursday that it hopes to restore its networks by mid-March. As of Friday, UnitedHealth said e-prescribing is “fully functional” and expects e-payment functionality to be available starting March 15. The company will “begin testing” to restore connectivity to its claims network on March 18.

In late February, Change Healthcare said the Blackcat ransomware group was behind the attack. Blackcat, also called Noberus and ALPHV, steals sensitive data from institutions and threatens to publish it unless a ransom is paid, according to a December statement from the Department of Justice.

UnitedHealth has not disclosed what specific data was compromised in the attack, or whether it agreed to pay a ransom to bring systems back online.

Don't miss these CNBC PRO stories:

scroll to top