• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to secondary sidebar
  • Skip to footer

  • Opinion
  • Health IT
    • Behavioral Health
    • Care Coordination
    • EMR/EHR
    • Interoperability
    • Patient Engagement
    • Population Health Management
    • Revenue Cycle Management
    • Social Determinants of Health
  • Digital Health
    • AI
    • Blockchain
    • Precision Medicine
    • Telehealth
    • Wearables
  • Startups
  • M&A
  • Value-based Care
    • Accountable Care (ACOs)
    • Medicare Advantage
  • Life Sciences
  • Research

Feds Launches Investigation of Change Healthcare Cybersecurity Attack

by Fred Pennic 03/13/2024 Leave a Comment

  • LinkedIn
  • Twitter
  • Facebook
  • Email
  • Print

What You Should Know:

– The Department of Health and Human Services’ Office for Civil Rights (OCR) has announced an investigation into the recent cyberattack on Change Healthcare, a subsidiary of UnitedHealth Group (UHG).

– The cybersecurity attack has significantly disrupted healthcare billing and information systems nationwide, potentially impacting patient care.

Investigation Focuses on HIPAA Compliance

The OCR enforces the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach Notification Rules. These rules establish minimum standards for protecting patient privacy, securing electronic health information, and notifying individuals in case of a data breach.

The OCR’s investigation will focus on two key areas:

  1. Determining if a Breach Occurred: The investigation will determine if the cyberattack resulted in a breach of protected health information (PHI) held by Change Healthcare.
  2. Compliance with HIPAA Rules: The OCR will assess Change Healthcare’s and UHG’s compliance with the HIPAA Rules, specifically regarding data security measures and breach notification protocols.

Impact on Downstream Partners

The OCR emphasizes that healthcare providers, health plans, and business associates who partnered with Change Healthcare remain a secondary concern. However, the agency reminds them of their obligations under HIPAA, including:

  • Maintaining valid business associate agreements with Change Healthcare.
  • Implementing timely breach notification procedures as required by HIPAA, notifying both HHS and affected individuals if a breach is confirmed.

Growing Impact of Ransomware in Healthcare

Ransomware and hacking are the primary cyber-threats in healthcare. Over the past five years, there has been a 256% increase in large breaches reported to OCR involving hacking and a 264% increase in ransomware. In 2023, hacking accounted for 79% of the large breaches reported to OCR. The large breaches reported in 2023 affected over 134 million individuals, a 141% increase from 2022.

“OCR is committed to helping health care entities understand health information regulations and to collaboratively working with entities to navigate the serious challenges we face together… We encourage all entities to review the cybersecurity measures they have in place with urgency to ensure that critically needed patient care can continue to be provided and that health information is protected,” said Melanie Fontes Rainer, Director of OCR.

The HHS Breach Portal: Notice to the Secretary of HHS Breach of Unsecured Protected Health Information may be found at: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf

  • LinkedIn
  • Twitter
  • Facebook
  • Email
  • Print

Tagged With: Cybersecurity, Revenue Cycle Management

Tap Native

Get in-depth healthcare technology analysis and commentary delivered straight to your email weekly

Reader Interactions

Primary Sidebar

Subscribe to HIT Consultant

Latest insightful articles delivered straight to your inbox weekly.

Submit a Tip or Pitch

Featured Insights

2025 EMR Software Pricing Guide

2025 EMR Software Pricing Guide

Featured Interview

Paradigm Shift in Diabetes Care with Studio Clinics: Q&A with Reach7 Founder Chun Yong

Most-Read

Medtronic to Separate Diabetes Business into New Standalone Company

Medtronic to Separate Diabetes Business into New Standalone Company

White House, IBM Partner to Fight COVID-19 Using Supercomputers

HHS Sets Pricing Targets for Trump’s EO on Most-Favored-Nation Drug Pricing

23andMe to Mine Genetic Data for Drug Discovery

Regeneron to Acquire Key 23andMe Assets for $256M, Pledges Continuity of Consumer Genome Services

CureIS Healthcare Sues Epic: Alleges Anti-Competitive Practices & Trade Secret Theft

The Evolving Role of Physician Advisors: Bridging the Gap Between Clinicians and Administrators

The Evolving Physician Advisor: From UM to Value-Based Care & AI

UnitedHealth Group Names Stephen Hemsley CEO as Andrew Witty Steps Down

UnitedHealth CEO Andrew Witty Steps Down, Stephen Hemsley Returns as CEO

Omada Health Files for IPO

Omada Health Files for IPO

Blue Cross Blue Shield of Massachusetts Launches "CloseKnit" Virtual-First Primary Care Option

Blue Cross Blue Shield of Massachusetts Launches “CloseKnit” Virtual-First Primary Care Option

Osteoboost Launches First FDA-Cleared Prescription Wearable Nationwide to Combat Low Bone Density

Osteoboost Launches First FDA-Cleared Prescription Wearable Nationwide to Combat Low Bone Density

2019 MedTech Breakthrough Award Category Winners Announced

MedTech Breakthrough Announces 2025 MedTech Breakthrough Award Winners

Secondary Sidebar

Footer

Company

  • About Us
  • Advertise with Us
  • Reprints and Permissions
  • Submit An Op-Ed
  • Contact
  • Subscribe

Editorial Coverage

  • Opinion
  • Health IT
    • Care Coordination
    • EMR/EHR
    • Interoperability
    • Population Health Management
    • Revenue Cycle Management
  • Digital Health
    • Artificial Intelligence
    • Blockchain Tech
    • Precision Medicine
    • Telehealth
    • Wearables
  • Startups
  • Value-Based Care
    • Accountable Care
    • Medicare Advantage

Connect

Subscribe to HIT Consultant Media

Latest insightful articles delivered straight to your inbox weekly

Copyright © 2025. HIT Consultant Media. All Rights Reserved. Privacy Policy |