March 13, 2024 at 04:22PM
The U.S. Department of Health and Human Services is investigating a ransomware attack on UnitedHealthcare Group (UHG) subsidiary Optum, which affected the Change Healthcare platform. The attack, attributed to the BlackCat ransomware gang, compromised sensitive health information of millions, impacting operations in the U.S. healthcare industry. The investigation follows claims of a 6TB data theft.
The meeting notes entail the recent cyberattack on UnitedHealthcare Group (UHG) subsidiary Optum, operated by Change Healthcare, by the BlackCat ransomware gang. The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) is leading an investigation to determine if protected health information was stolen, in line with the Health Insurance Portability and Accountability Act (HIPAA) rules. The attack has had a significant impact on U.S. healthcare operations, with UHG estimating system restoration by March 15 and medical claims network and software by March 18. The BlackCat ransomware gang claims to have stolen 6TB of sensitive data, prompting OCR’s focus to be on both whether a breach occurred and UHG’s and Change Healthcare’s compliance with HIPAA Rules. Moreover, the BlackCat gang is involved in a larger pattern of attacks and allegedly an exit scam after a $22 million ransom was paid. This situation represents an increasing cyber-threat in healthcare, with hacking breaches increasing by 256% in the past five years and hacking accounting for 79% of the large breaches reported in 2023.