Hacking, Ransomware Continue to Plague Health Care Industry

The Biden administration has launched an investigation into UnitedHealth Group following the cyberattack on its subsidiary Change Healthcare, which caused significant disruption in payments and claims processing for pharmacies and health systems across the nation. Cyberattacks targeting the nation’s largest insurer — UnitedHealthcare — have been on the rise in recent years and exposed almost 750,000 patient records in 2023 alone, according to the HHS Office for Civil Rights (OCR).

Since 2010, UnitedHealthcare reported 21 data breaches to OCR that affected more than 829,000 members, with six of them caused by hacking or IT incidents. As of March 14, the most recent Change Healthcare data breach has not been filed to the OCR breach portal. To meet the requirements of the HIPAA Breach Notification Rule, OCR must be notified within 60 days of the discovery of a data breach.