March 14, 2024 at 06:09AM
The US Department of Health and Human Services’ Office for Civil Rights (OCR) is investigating the recent Change Healthcare data breach, aiming to determine if protected health information was compromised. The ransomware attack disrupted healthcare operations, impacting 7,000 pharmacies and hospitals. OCR will focus on Change Healthcare and UnitedHealth Group’s compliance with HIPAA rules.
Key takeaways from the meeting notes:
– The US Department of Health and Human Services’ Office for Civil Rights (OCR) is investigating the recent Change Healthcare data breach to determine if protected health information was compromised.
– The ransomware attack on Change Healthcare’s claims and payment infrastructure impacted over 7,000 pharmacies and hospitals, disrupting prescription processing.
– UnitedHealth Group (UHG), the parent company of Change Healthcare, announced that pharmacy services have been restored and electronic payment functionality would be back up by the end of the week.
– The Alphv/BlackCat ransomware group took responsibility for the attack and claimed to have stolen at least four terabytes of data. Change Healthcare reportedly paid a $22 million ransom, but the attackers pulled an exit scam.
– OCR emphasized the disruption of health care and billing operations and stated that the investigation will focus on whether a breach of protected health information occurred, with a specific emphasis on Change Healthcare and UHG’s compliance with HIPAA rules.
– OCR also reminded entities partnered with Change Healthcare and UHG about their regulatory obligations, including ensuring business associate agreements and timely breach notifications.
– OCR administers and enforces HIPAA privacy, security, and breach notification rules, setting minimum requirements for safeguarding protected health information and reporting data breaches.
Additionally, related articles and incidents about ransomware attacks in the healthcare sector were mentioned in the notes.