Maryland insurer sues Change Healthcare for $900K
Change Healthcare, a subsidiary of Optum and UnitedHealth Group, is being sued by an insurer, marking the latest in a litany of lawsuits filed against the company over its February 2023 data breach.
CareFirst BlueCross BlueShield of Maryland (CareFirst BCBS) has filed a complaint in state court, alleging that Change Healthcare was negligent in deploying inadequate security that inadvertently led to the successful cyberattack.
UnitedHealth CEO Andrew Witty admitted during a Senate hearing that a single server, which lacked multifactor authentication, was the pathway through which hackers gained access and deployed ransomware on Change Healthcare’s network.
The attack exposed the personal data and medical records of nearly 200 million patients to the dark web, where the trove was put up for sale. The data breach is the largest ever reported by a healthcare entity.
CareFirst BCBS stated that the incident resulted in the loss of a significant amount of data it needed to manage employer health plans, as well as components of its Medicare Advantage business.
The insurer is seeking $900,000 in compensatory damages, along with attorney fees.
CareFirst BCBS serves approximately 3.5 million people in and around Maryland. Change Healthcare likely processes most of its medical claims, as the company handles the majority of claims for payers across the country.
The lawsuit was filed at the end of February, and a trial date has yet to be set.
Chad is an award-winning writer and editor with over 15 years of experience working in media. He has a decade-long professional background in healthcare, working as a writer and in public relations.