HHS to investigate Change Healthcare cyberattack

In an announcement calling the cyberattack that crippled Change Healthcare a “direct threat to critically needed patient care,” the HHS Office for Civil Rights (OCR) said it would open an investigation into the incident focused on Change and its parent company, UnitedHealth Group (UHG).

“Given the unprecedented magnitude of this cyberattack, and in the best interest of patients and health care providers, OCR is initiating an investigation into this incident,” states a “Dear Colleague” letter from OCR director, Melanie Fontes Rainer. “OCR’s investigation of Change Healthcare and UHG will focus on whether a breach of protected health information occurred and [on] Change Healthcare’s and UHG’s compliance with the HIPAA Rules.”

Fontes Rainer adds that, while OCR isn’t prioritizing investigations of any specific Change or UHG partner, providers or health plans should still ensure they are aware of their “regulatory obligations and responsibilities, including ensuring that business associate agreements are in place and that timely breach notification to HHS and affected individuals occurs as required by the HIPAA Rules.”

To that end, Fontes Rainer ends the letter by linking to a variety of cybersecurity and HIPAA guidance materials for partners of Change and UHG.

Evan Godt
Evan Godt, Writer

Evan joined TriMed in 2011, writing primarily for Health Imaging. Prior to diving into medical journalism, Evan worked for the Nine Network of Public Media in St. Louis. He also has worked in public relations and education. Evan studied journalism at the University of Missouri, with an emphasis on broadcast media.

Around the web

The tirzepatide shortage that first began in 2022 has been resolved. Drug companies distributing compounded versions of the popular drug now have two to three more months to distribute their remaining supply.

The 24 members of the House Task Force on AI—12 reps from each party—have posted a 253-page report detailing their bipartisan vision for encouraging innovation while minimizing risks. 

Merck sent Hansoh Pharma, a Chinese biopharmaceutical company, an upfront payment of $112 million to license a new investigational GLP-1 receptor agonist. There could be many more payments to come if certain milestones are met.