What you could know:
– The Department of Health and Human Services Office for Civil Rights (OCR) introduced an investigation right into a latest cyberattack on Change Healthcare, a subsidiary of UnitedHealth Group (UHG).
– Cybersecurity assaults may considerably disrupt healthcare billing and data techniques throughout the nation and influence affected person care.
Research centered on HIPAA compliance
OCR enforces the Health Insurance Portability and Accountability Act (HIPAA) privateness, safety, and breach notification guidelines. These guidelines set up minimal requirements for shielding affected person privateness, defending digital well being data, and notifying people within the occasion of a knowledge breach.
OCR analysis focuses on two important areas:
Determining whether or not a breach has occurred: The investigation will decide whether or not a cyber-attack compromised protected well being data (PHI) held by Change Healthcare. Compliance with HIPAA Rules: OCR evaluates Change Healthcare and UHG’s compliance along with her HIPAA Rules, particularly concerning: Data Security Measures and Breach Notification Protocol.
Impact on downstream companions
OCR emphasizes that healthcare suppliers, well being plans, and enterprise associates affiliated with Change Healthcare stay a secondary concern. However, the company reminds them of their obligations underneath HIPAA:
Maintain a sound enterprise affiliate settlement with Change Healthcare. Implementing well timed breach notification procedures as required by HIPAA, he’ll notify each HHS and affected people when a violation is confirmed.
The influence of ransomware in healthcare is rising
Ransomware and hacking are the principle cyber threats in healthcare. Over the previous 5 years, large-scale breaches involving hacks reported to OCR have elevated by 256%, and ransomware has elevated by 264%. In 2023, 79% of large-scale breaches reported to OCR had been as a consequence of hacking. The largest reported breaches in 2023 affected greater than 134 million individuals, a 141% improve from 2022.
“OCR is dedicated to serving to healthcare organizations perceive well being data laws and dealing collaboratively with them to beat the intense challenges we face… We encourage all sufferers to urgently overview the cybersecurity measures they’ve in place to make sure they will proceed to supply urgently wanted affected person care.” mentioned OCR Director Melanie Fontes Reiner.
HHS Breach Portal: Notification to the Secretary of HHS of unsecured protected well being data is on the market at https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf.