Biden administration investigating Change Healthcare cyberattack as disruptions continue
The U.S. Department of Health and Human Services has launched an investigation into UnitedHealth Group following the cyberattack on its Change Healthcare unit that has disrupted crucial operations in pharmacies and hospitals across the U.S.
The HHS Office for Civil Rights said in a statement Wednesday that it's investigating the incident due to the "unprecedented magnitude of the cyberattack." The OCR enforces the Health Insurance Portability and Accountability Act's security, privacy and breach notification rules, which most health plans, providers and clearinghouses such as Change Healthcare are required to follow to protect health information.
"OCR's investigation of Change Healthcare and UHG will focus on whether a breach of protected health information occurred and Change Healthcare's and UHG's compliance with the HIPAA Rules," the department said.
Change Healthcare offers electronic prescription software and tools for payment and revenue cycle management. Parent company UnitedHealth discovered that a cyber threat actor breached part of the unit's information technology network on Feb. 21, according to a filing with the U.S. Securities and Exchange Commission.
UnitedHealth told CNBC in a statement that it will cooperate with the investigation from the OCR.
"Our immediate focus is to restore our systems, protect data and support those whose data may have been impacted," the company said. "We are working with law enforcement to investigate the extent of impacted data."
UnitedHealth took the affected systems offline after identifying the threat, according to the SEC filing. The company said on Thursday that it expects to restore its networks by mid-March. As of Friday, UnitedHealth said electronic prescribing is "fully