HHS opens probe into UnitedHealth’s cybersecurity as hack fallout continues | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

[ad_1]

The Biden administration is opening an investigation into UnitedHealth Group following a cyberattack on a subsidiary that has crippled health-care payments and probably exposed millions of patients’ data.

The Department of Health and Human Services on Wednesday said its probe would focus on identifying the extent of the breach and compliance by UnitedHealth and its subsidiary, Change Healthcare, with the Health Insurance Portability and Accountability Act — widely known as HIPAA — which is intended to protect patients’ private data.

“Given the unprecedented magnitude of this cyberattack, and in the best interest of patients and health care providers, OCR is initiating an investigation into this incident,” the HHS Office for Civil Rights said in a statement.

The federal government has investigated and penalized health-care organizations for data breaches. Anthem in 2020 paid a $16 million settlement following a 2015 data breach that exposed the protected health information of 79 million people. Industry leaders have said the Feb. 21 attack on Change Healthcare — the nation’s largest processor of medical claims — represents the most significant incident of its kind in the U.S. health system’s history. Hackers stole data about patients, encrypted company files and demanded money to unlock them.

UnitedHealth said it would cooperate with the investigation.

“Our immediate focus is to restore our systems, protect data and support those whose data may have been impacted,” the company said in a statement. “We are working with law enforcement to investigate the extent of impacted data.”

Three weeks after the cyberattack, and with many health-care payments still frozen, hospitals and doctors have continued to warn that they are struggling to meet payroll, and lawmakers have pleaded with UnitedHealth to take additional actions. The White House on Tuesday met with UnitedHealth CEO Andrew Witty and other health industry leaders, urging them to rush payments to affected providers.

Sen. Maggie Hassan (D-N.H.) appealed to President Biden on Monday to help address the payment crisis when the president visited New Hampshire, according to three people who spoke on the condition of anonymity to describe a private conversation. Hassan’s office confirmed that the senator spoke to the president about the issue but declined to offer details.

Hassan on Tuesday wrote to UnitedHealth, saying that rural hospitals in her state were hard-hit by the Change Healthcare outage and that the company’s financial response continued to be insufficient, in a letter that her office shared with The Washington Post.

“Due to the Change Healthcare hack, these hospitals have seen nearly all — 98 percent — of their claims and cash flow disappear in the last few weeks,” Hassan wrote, adding that the hospitals need “urgent financial support” to continue providing patient care.

Faced with sustained criticism, the insurance industry has defended its response. UnitedHealth last week laid out a timeline for bringing its services back online and said it expects to begin testing and reestablishing its claims network March 18.

“Health insurance plans have taken immediate and comprehensive steps to support providers and ensure continuity in patient care in response to the cyberattack,” AHIP, the insurance industry’s lobbying arm, said in a statement Tuesday.

But lawmakers and health-care provider groups say the efforts are still falling short.

Despite UnitedHealth’s assurances, “providers in our state have yet to report any meaningful relief in a situation where every minute counts,” Connecticut’s congressional delegation wrote Wednesday to HHS Secretary Xavier Becerra. “We urge you to hold UHG accountable and ensure that UHG’s response meets the moment.”

[ad_2]

——————————————————–


Click Here For The Original Story From This Source.

.........................

National Cyber Security

FREE
VIEW