The U.S. Department of Health and Human Services is launching an investigation into the ransomware attack on Change Healthcare following weeks of disruption to healthcare and billing operations at hospitals, clinics and pharmacies across the country.
The announcement follows a meeting to address the crisis on Tuesday between White House officials, medical industry representatives, HHS Secretary Xavier Becerra and Andrew Witty, the CEO of UnitedHealth Group, Change Healthcare's parent company.
The investigation, Fontes Rainer said, will focus on whether protected health information was compromised and if Change Healthcare and UHG complied with Health Insurance Portability and Accountability Act rules.
One expert told Recorded Future News last week that the incident is costing upwards of $100 million a day - with hospitals across the U.S. reporting issues.
Experts believe Change Healthcare processes about half of all medical claims in the U.S. The Washington Post reported on Tuesday that Biden administration officials are livid with UnitedHealth for its handling of the fiasco.
Change Healthcare runs one of the most widely-used electronic prescribing services for pharmacies.
It took its systems offline when it detected a ransomware attack on February 21 by the AlphV/BlackCat gang.
The outage had an immediate impact nationwide on pharmacies, hospital systems, physician networks and other healthcare organizations.
Health providers have been unable to properly file for and receive insurance payments, and large healthcare providers have reported cash flow problems of hundreds of millions of dollars as they were unable to receive payments for claims.
Even after allegedly paying a ransom to the now-defunct ransomware gang, the company has struggled to restore its platform, fomenting a crisis that has prompted senior Congressional leaders and the White House to get involved.
Last week, the company was able to restore some systems but said the broader payments platform will not be running again until March 15.
The incident has reignited concerns raised by the Justice Department over UnitedHealth's purchase of Change Healthcare, which they initially sued to block in 2022.
Through its subsidiary Optum, UnitedHealth already controlled one of the biggest healthcare IT companies in the U.S. and Change Healthcare was one of its biggest rivals.
The Justice Department lost the lawsuit, effectively centralizing significant parts of the U.S. healthcare system into one company's hands.
HHS noted on Wednesday that ransomware attacks targeting the healthcare industry have increased 256% over the last five years - with healthcare-related data breaches in 2023 affecting more than 134 million people.
LockBit administrator sentenced to almost four years in prison after guilty plea.
Jonathan has worked across the globe as a journalist since 2014.
Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia.
He previously covered cybersecurity at ZDNet and TechRepublic.
This Cyber News was published on therecord.media. Publication date: Wed, 13 Mar 2024 20:15:46 +0000