From HHS OCR: “On October 22, 2024, Change Healthcare notified OCR that approximately 100 million individual notices have been sent regarding this breach. ” As DataBreaches mentioned this morning on Infosec.Exchange, is that 100 million an interim update and we should expect another update with even bigger numbers, or is 100 million the total number…
Search Results for: "change healthcare"
Senate bill pushes cyber mandates for medical industry in wake of Change Healthcare debacle
Jonathan Greig reports: Hospitals and other healthcare businesses would be required to adopt minimum cybersecurity standards and face annual audits under new legislation introduced by two prominent senators on Thursday. The Health Infrastructure Security and Accountability Act, announced by Sens. Ron Wyden (D-OR) and Mark Warner (D-VA), would provide $1.3 billion for the Department of…
State attorneys general send warnings of Change Healthcare breach, urge residents to respond
Read Change Healthcare’s Substitute Notice. Individual notices will go out at the end of July, but they may not have your address to notify you individually. Chad Van Alstin writes: Multiple state attorney generals have sent notices, informing residents about the Change Healthcare breach and urging them to enroll in the credit monitoring and identity…
HHS OCR: Covered entities affected by the Change Healthcare breach may delegate tasks of providing HIPAA breach notifications to Change Healthcare
May 31 – Today, the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) published an update to the frequently asked questions (FAQs) webpage concerning the Change Healthcare cybersecurity incident. The webpage, first published on April 19, 2024, provides answers to FAQs concerning the Health Insurance Portability and Accountability Act of 1996 (HIPAA)…
Change Healthcare hackers broke in using stolen credentials — and no MFA, says UHG CEO
Zack Whittaker reports: The ransomware gang that hacked into U.S. health tech giant Change Healthcare used a set of stolen credentials to remotely access the company’s systems that weren’t protected by multifactor authentication (MFA), according to the chief executive of its parent company, UnitedHealth Group (UHG). UnitedHealth CEO Andrew Witty provided the written testimony ahead of a…
United Healthcare, Optum, and Change Healthcare Involved in Northeast Ohio Neighborhood Health Data Breach
Note: Marco A. De Felice (aka @amvinfe) has been doing some great investigative blogging on ransomware groups and incidents. If you’re not checking his SuspectFile site regularly, you are missing out on some of his exclusive reporting. De Felice’s recent coverage of Medusa’s attack on Northeast Ohio Neighborhood Health (NEON) begins: Another significant data breach…