Federal civil rights investigators are looking into whether protected health information was exposed in the recent cyberattack on Change Healthcare.
The Office for Civil Rights said Wednesday that it also will examine whether Change Healthcare followed laws protecting patient privacy.
Change Healthcare provides technology used to submit and process insurance claims — and handles about 14 billion transactions a year.
The investigation was spurred by “unprecedented magnitude” of the attack, Office for Civil Rights Director Melanie Fontes Rainer said in a letter.
The Office for Civil Rights, which is part of the U.S. Department of Health and Human Services, enforces federal rules that establish privacy and security requirements for patient health information.
UnitedHealth Group, which owns Change Healthcare, said it would cooperate. Spokesman Eric Hausman added that UnitedHealth Group is working with law enforcement to investigate the extent of the attack.
Attackers gained access to some of Change Healthcare’s information technology systems last month, disrupting billing and care-authorization systems across the country.
The American Hospital Association said recently that some patients have seen delays in getting prescriptions, and hospitals have had issues processing claims, billing patients and checking insurance coverage.
Change Healthcare said Wednesday that all of its major pharmacy and payment systems were back online. Last week, the company said it expects to start reestablishing connections to its claims network and software on March 18.
The company also said late last month that the ransomware group ALPHV, or Blackcat, made the breach.
Cybersecurity experts say ransomware attacks have increased substantially in recent years, especially in the health care sector.
___
The Associated Press Health and Science Department receives support from the Howard Hughes Medical Institute’s Science and Educational Media Group. The AP is solely responsible for all content.
Source: post