A probe into the Change Healthcare attack has been launched by the US government to determine whether or not any health data was stolen.
The Change Healthcare platform was hit by a ransomware attack late last month at the hands of the notorious ALPHV (also known as BlackCat) ransomware group. The attack was originally believed to have been conducted by “nation-state” hackers, with some speculating that a Chinese state hacking group operated as an ALPHV affiliate.
UnitedHealth paid a $22 million ransom to have its data decrypted and copies deleted by the threat group; however, ALPHV pocketed the ransom and left the affiliate high and dry in what is believed to be an exit strategy, meaning the data remained in the hands of the affiliate.
The US Department of Health and Human Services (HHS) has now launched an investigation to determine if any protected health information was stolen in the attack.
The HHS Office for Civil Rights (OCR), which is coordinating the investigation, issued a letter yesterday (13 March) announcing the probe.
“The Office for Civil Rights (OCR) is aware that Change Healthcare, a unit of UnitedHealth Group (UHG), was impacted by a cyber security incident in late February that is disrupting health care and billing information systems nationwide,” it wrote.
“The incident poses a direct threat to critically needed patient care and essential operations of the health care industry.
“Given the unprecedented magnitude of this cyber attack, and in the best interest of patients and healthcare providers, OCR is initiating an investigation into this incident.
“OCR’s investigation of Change Healthcare and UHG will focus on whether a breach of protected health information occurred and Change Healthcare’s and UHG’s compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Rules.”
ALPHV initially claimed to have stolen six terabytes of “highly selective data”, which affected a number of major Change Healthcare partners, including Medicare, Tricare, CVS Caremark, Loomis, Davis Vision, Health Net, MetLife, Teachers Health Trust, and “tens of insurance companies and others”.
It also said the exfiltrated data includes “millions of” medical records, dental records, payment and claims information, insurance records, over 3,000 source code files for Change Healthcare, and personally identifiable information (PII) for both active military personnel and patients, such as phone numbers, emails, addresses, and social security numbers.