The U.S. Department of Health and Human Services is opening an investigation into UnitedHealth and its Change Healthcare subsidiary following a ransomware attack that for three weeks has essentially shut down payments to health care providers and hobbled pharmacies trying to fill prescriptions.
The OCR also examine other entities that have partnered with Change and UHG, though that part of the investigation is secondary, OCR Director Melanie Fontes Rainer wrote in a letter.
HHS' investigation is the latest indication of the federal government becoming more deeply involved in the investigation into the ransomware attack and the ensuing health care chaos.
Raines' letter was sent a day after the Biden Administration met with UHG CEO Andrew Witty and representatives from three dozen health care providers, hospitals, health insurers, and other organizations to develop steps that could help mitigate the problems caused by the attack.
Chiquita Brooks-LaSure, administrators for the U.S. Centers for Medicare and Medicaid Services, said in a statement that the office was pulling together guidance to enables states to offer more flexibility in supporting Medicaid providers and suppliers.
Over the weekend, the Biden Administration ramped up the pressure on both UHG and health insurers to ease the flow of money during the crisis.
The White House told insurance companies and other payers to make interim payments to providers, particularly for Medicaid plans and to ease restrictions on electronic payment systems, including by accepting paper claims.
HHS last week listed steps it was taking to help reduce payment barriers and the National Security Council also reportedly was examining options for getting money to hard-hit hospitals.
The ransomware-as-a-service group BlackCat - also known as ALPHV - has taken credit for the attack, saying on its leak site that it had stolen sensitive health and patient data.
BlackCat also appears to have disappeared with $22 million in ransom paid by Change, shutting down its operations and refusing to share the money with the affiliate group that purportedly helped it gain entrance into the Change systems.
The attack has had a crippling effect on wide swaths of the U.S. health care industry.
Change operates as a go-between for hospitals and clinics and health insurance companies for processing payments, medical and insurance claims, and prescription orders, along with other tasks.
Change reportedly processes about half of the medical claims in the United States for about 900,000 physicians, 33,000 pharmacies, 5,500 hospitals, and 600 laboratories.
HHS said the company processes 15 billion health care transactions every year and is involved in one of every three patient records.
This Cyber News was published on securityboulevard.com. Publication date: Wed, 13 Mar 2024 21:13:05 +0000