The Department of Veterans Affairs recently informed 15 million patients that their personal health information had been breached during the February cyberattack on Change Healthcare. The company, which is owned by UnitedHealth Group (UHG), has begun notifying health care providers and other customers about the stolen data. According to Witty, UHG CEO, a “significant portion of the population” was affected by the breach. This highlights the risk of concentrating mission-critical services and health care data within UHG and the systemic impact of cyberattacks on the healthcare industry.
The Department of Health and Human Services announced on May 31 that hospitals and health systems could require UHG to notify patients if their data was stolen in the cyberattack. Several hospital groups had previously urged UHG to issue breach notifications on behalf of providers or customers if protected health information or personally identifiable information was stolen. This underscores the importance of cybersecurity in healthcare and the need for robust data protection measures.
As the healthcare industry increasingly relies on digital systems and technology, ensuring the security and confidentiality of patient data is paramount to maintaining trust and safeguarding sensitive information. The ongoing efforts to address and mitigate the impacts of the cyberattack serve as a reminder of the ever-evolving threat landscape and the importance of proactive measures to protect against cybersecurity risks. Change Healthcare plans to mail letters to affected individuals in late July after reviewing the data, highlighting their commitment to transparency and accountability in protecting patient information.
