Change Healthcare has experienced a significant cyberattack that compromised the protected health information (PHI) of over 100 million individuals, making it the largest known breach involving a HIPAA-regulated entity.
This incident surpasses the previous record set by Anthem in 2015, which affected 78.8 million people. The breach, confirmed as a ransomware attack, occurred on February 21 and has caused disruptions in claims payments for various hospitals and physician practices.
The Office of Civil Rights is currently investigating the company's HIPAA compliance prior to the attack. UnitedHealth Group, which acquired Change Healthcare for $13 billion two years ago, has been providing updates on the restoration efforts following the breach. CEO Andrew Witty recently confirmed to Congress that the company decided to pay a $22 million ransom in bitcoin to protect patient health information.