In the aftermath of the cyberattack on Change Healthcare, which has persisted for over a week, the emergence of legal actions doesn’t come as a surprise. Multiple lawsuits have been initiated in both Minnesota and Tennessee by patients aiming for potential class action status due to concerns regarding the company’s failure to protect their data. 

For example, a patient in Minnesota filed a lawsuit asserting that they hadn’t received direct notification of the breach or any updates regarding the status of their personal information. They expressed that had they been aware of the security deficiencies, they would have sought medical services elsewhere. Another lawsuit from Minnesota highlighted how the breach affected a patient’s ability to refill prescriptions promptly.

Law firms are also investigating the possibility of initiating class action lawsuits. Gibbs Law Group, headquartered in Oakland, California, noted on its website that the disruption caused by the cyberattack has resulted in patients incurring out-of-pocket expenses for prescriptions or experiencing delays in medication refills. The firm is seeking input from affected patients to evaluate the situation thoroughly.

UnitedHealth Group has not addressed the legal implications on its ongoing update page. Instead, the company has provided continuous updates regarding its response efforts across various healthcare sectors and addressed potential exposure of patient information in its frequently asked questions section.

In a recent update on the cyber incident at Change Healthcare, Optum confirmed that the attack was by a cybercrime group known as BlackCat or ALPHV. Optum is actively collaborating with law enforcement agencies and third-party organizations to mitigate the effects of the attack, which continues to disrupt the industry. Various solutions are being implemented to ensure access to medications and other essential services during the incident.

The Federal Bureau of Investigation, the Department of Health and Human Services, and the Cybersecurity and Infrastructure Security Agency issued a joint advisory highlighting warning signs of compromise by the BlackCat ransomware actor and recommended actions to mitigate ransomware attacks.

The hacking group allegedly behind the attack claimed to have stolen “millions” of records before promptly deleting the post. This group, known as “Blackcat” or “ALPHV,” has a history of cyberattacks on various industries.

The ongoing disruption is expected to persist for at least another day, according to Optum. This has had a significant impact on pharmacies nationwide, with reports of challenges in processing insurance claims and accessing medications. However, there’s no evidence to suggest that CVS Health’s systems have been compromised.

UnitedHealth Group disclosed in an SEC filing that a suspected nation-state-associated threat actor was responsible for the cyberattack on Change Healthcare. The company is actively working to restore affected systems and has notified customers, clients, and certain government agencies.

The American Hospital Association has advised disconnecting from Optum’s services until the cyber incident at Change Healthcare is resolved, citing potential significant impacts on providers. Change Healthcare, now a subsidiary of Optum, is actively addressing the cybersecurity issue to prevent further disruption to partners and patients.

Change Healthcare, a significant player in revenue cycle and payment management technology within the healthcare industry, processes billions of transactions annually, impacting a substantial portion of U.S. patients.

Leave a Reply