Change Healthcare Cyberattack Impacts Over 100 Million, Largest HIPAA Breach

TL/DR –

The protected health information of at least 100 million people was compromised in a cyberattack on Change Healthcare, marking the largest known breach at a HIPAA-regulated entity. This cyberattack, later confirmed to be a ransomware attack, affected claims payments for numerous hospitals and physician practices. UnitedHealth Group, which bought Change two years ago, paid a $22 million bitcoin ransom to protect the health information of patients and continues to update on the restoration progress.

Change Healthcare Cyberattack Compromises Protected Health Information

Change Healthcare’s recent cyberattack has left the protected health information (PHI) of a staggering 100 million individuals exposed, as reported by
The HIPAA Journal. This accounts for nearly one-third of the US population, setting a new record for the largest known data breach involving a HIPAA-regulated entity.

Previous Data Breach Records

The previous record was held by Anthem in 2015, with 78.8 million individuals affected. The Office of Civil Rights has received an updated report of this breach and is currently investigating Change Healthcare’s HIPAA compliance prior to the cyberattack.

Impact of the Cyberattack

The ransomware attack on Change Healthcare occurred on February 21, disrupting claims payments for numerous hospitals and physician practices. UnitedHealth Group, which
acquired Change for $13 billion two years ago, continues to provide updates on the restoration progress.

UnitedHealth Group’s Response

In an effort to protect patient data, UnitedHealth Group’s CEO Andrew Witty confirmed to the Congress in May that a decision was made to pay a $22 million ransom in bitcoin.

—
Read More Health & Wellness News ; US News