The Change Healthcare data breach due to a ransomware attack has introduced significant disruptions across the healthcare sector, with UnitedHealth, the parent company, estimating potential costs to be around $1.6 billion. The breach prompted concerns about reporting responsibilities under HIPAA, with provider organizations urging the Office for Civil Rights for clarity and a declaration of sole responsibility resting with Change Healthcare for breach notifications. UnitedHealth has offered support and to undertake notification responsibilities, yet provider organizations seek OCR validation to ensure legal compliance falls on UnitedHealth Group/Change Healthcare as the affected covered entity.
TPRM report: https://scoringcyber.rankiteo.com/company/change-healthcare
"id": "cha002011725",
"linkid": "change-healthcare",
"type": "Breach",
"date": "5/2024",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Healthcare',
'name': 'Change Healthcare',
'type': 'Company'}],
'description': 'The Change Healthcare data breach due to a ransomware attack '
'has introduced significant disruptions across the healthcare '
'sector, with UnitedHealth, the parent company, estimating '
'potential costs to be around $1.6 billion. The breach '
'prompted concerns about reporting responsibilities under '
'HIPAA, with provider organizations urging the Office for '
'Civil Rights for clarity and a declaration of sole '
'responsibility resting with Change Healthcare for breach '
'notifications. UnitedHealth has offered support and to '
'undertake notification responsibilities, yet provider '
'organizations seek OCR validation to ensure legal compliance '
'falls on UnitedHealth Group/Change Healthcare as the affected '
'covered entity.',
'impact': {'financial_loss': ['$1.6 billion']},
'regulatory_compliance': {'regulations_violated': ['HIPAA']},
'title': 'Change Healthcare Data Breach',
'type': 'Data Breach, Ransomware'}