The US government is now investigating the Change Healthcare cyberattack

Image Credit: Shutterstock (Image credit: Shutterstock)

The US government is now investigating the recent Change Healthcare cyberattack in order to establish whether or not sensitive customer and patient data was stolen.

The investigation is coordinated by the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR), which is tasked with enforcing the Health Insurance Portability and Accountability Act (HIPAA), whose goal is to ensure that private patient data remains private (unless the patients agree otherwise).

The company posted a short announcement on its status update website, saying a problem has been identified. “Some applications are currently unavailable,” the company said. “Optum is currently triaging the issue and will provide further updates as they are available.” Change Healthcare merged with Optum two years ago, in a $7.8 billion deal.

BlackCat's rugpull

The disruption affected more than just Change. Local Michigan media, for example, reported that pharmacies were experiencing outages as a result of the attack. Scheurer Health announced, via Facebook, that it was unable to process prescriptions through patient insurance due to the “nationwide outage from the largest prescription processor in North America.”

Earlier this week, BleepingComputer said the outage was still impacting operations across the U.S. healthcare industry. The UnitedHealthcare Group (UHG), Change Healthcare’s parent company, expects to revive its payments platform on March 15, and medical claims network and software on March 18.

"Given the unprecedented magnitude of this cyberattack, and in the best interest of patients and health care providers, OCR is initiating an investigation into this incident," said OCR head Melanie Fontes Rainer. "OCR's investigation of Change Healthcare and UHG will focus on whether a breach of protected health information occurred and Change Healthcare's and UHG's compliance with the HIPAA Rules."

In the aftermath of the attack, the notorious ransomware operator BlackCat abruptly shut down all operations and called it quits. An affiliate came forward, saying they were the ones breaching Change Healthcare, and that they forced the firm to pay $22 million in ransom to keep roughly 4TB of sensitive data private. BlackCat, instead of paying the affiliate their share, allegedly took the money and ran. The affiliate is now apparently stuck with terabytes of sensitive Change Healthcare information.

More from TechRadar Pro

Change Healthcare hit by major cyberattack — US health tech giant sees website taken offline, login pages unavailable
Here's a list of the best firewalls around today
These are the best endpoint security tools right now

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.