Tag: Modern Healthcare

UHC Responsible for Breach Notifications

 Author: Seymore Bones  Published Date: June 5, 2024  Leave a Comment on UHC Responsible for Breach Notifications

The Health and Human Services (HHS) Department announced Friday (May 31, 2024), United HealthCare must take responsibility for informing people about privacy breaches resulting for the the Change Healthcare cyberattack. 

UnitedHealth Group previously disclosed that the ransomware attack exposed personal information of a “substantial portion” of Americans. 

That “substantial portion” turns out to be 1 in 3 Americans.

“OCR must affirm its position that the breach was perpetrated upon Change Healthcare, whose status as a healthcare clearinghouse makes them a covered entity under HIPAA and thus responsible for the breach of any [protected health information] which it processes or facilitates the processing of,”

Under HIPAA, UnitedHealth Group must provide affected individuals with descriptions of the incident, what data were compromised, how the company responded to the attack, how the company can be reached and what individuals can do to protect themselves.