UnitedHealth Group and its subsidiary Change Healthcare have been subjected to an investigation by the Department of Health and Human Services' Office for Civil Rights that seeks to determine the compromise of protected health information following a cyberattack against Change Healthcare last month, which has resulted in significant prescription processing disruptions across the U.S., BleepingComputer reports.
"Given the unprecedented magnitude of this cyberattack, and in the best interest of patients and health care providers, OCR is initiating an investigation into this incident," said HHS OCR Director Melanie Fontes Rainer, who noted that the agency will also be looking into the adherence of UnitedHealth Group and Change Healthcare with HIPAA rules. Such a development comes after the ALPHV/BlackCat ransomware operation, which took credit for the intrusion that allegedly resulted in the theft of 6 TB of data, dismantled its operations amid claims of exfiltrating the $22 million ransom provided by Optum, another UnitedHealth Group unit that manages Change Healthcare's systems.