The US health department has advised that healthcare providers affected by the Change Healthcare cyber attack earlier this year can request that UnitedHealth notify those affected.
UnitedHealth’s Change Healthcare suffered a major cyber attack in February that took the company’s systems offline and left healthcare providers across the US without claims infrastructure, bringing many of their operations to a standstill.
In an effort to take the burden of the incident off of healthcare organisations affected by the cyber attack, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has said that affected institutions can request that UnitedHealth notify the affected individuals.
“Affected covered entities that want Change Healthcare to provide breach notifications on their behalf should contact Change Healthcare,” said OCR director Melanie Fontes Rainer in a statement.
The update comes as the healthcare giant has yet to notify those affected, a group its CEO Andrew Witty revealed last month was “maybe a third” of all Americans.
UnitedHealth said it would still be several months before it could identify all those affected and begin notifying them, despite the attack occurring on 21 February, over three months ago, and US law stating that individual patients must be notified of a data breach within 60 days of discovery.
The attack on Change Healthcare was originally believed to have been by a Chinese state-sponsored actor but was then claimed by the now-defunct ALPHV (BlackCat).
UnitedHealth paid ALPHV US$22 million in ransom payments. However, ALPHV pocketed the money and went dark, leaving the ransomware affiliate behind the breach stranded without pay but with the stolen UnitedHealth data.
As a result, UnitedHealth was still in trouble, particularly when a second ransomware gang, RansomHub, claimed to have the data and threatened to publish it if it did not receive a ransom payment. Not long after, the group published some data, claiming the entirety of it was now for sale to the highest bidder.