#INDUSTRYALERT: In response to the #OCR clarification that #HIPAA Covered Entities may delegate PHI #breach notifications to UHG and Change, and with confirmation that only one party (either the Covered Entity or their Business Associate), must perform the notifications, we are inching closer to a flood of patient/member breach notifications. These notices will be fear-inducing and worrisome, especially for seniors and vulnerable people. Recognizing that the required 60 days for notifications has now passed, Senators Blackburn and Hassan have now issued an official request for notifications to be sent by June 21. What should you do right now? ✅ Every health plan, provider and member-facing vendors should examine Call Center and front desk staffing and arrange extra capacity to handle complex inbound calls and more intense F2F discussions with patients. ✅ Prepare member-facing staff with empathetic, detailed information on what they need to do next to protect themselves. Identify theft in this situation is a very real threat, and vulnerable people may struggle with the resulting fear and uncertainty. ✅ Prepare for a busier-than-normal fall in member-facing departments. As patients experience normal phishing and identity threats, we expect them to call providers and insurors more frequently than normal seeking information, reassurance and potentially identify theft protection. ✅ Help your key vendors and suppliers whose PHI vulnerabilities are impractical to remediate rapidly. Many organizations self-audited their hack-readiness and realized they were, indeed, vulnerable - but when the world went so quickly back to #BusinessAsUsual, all parties just began living with the increased awareness of existing risks. As soon as these notifications drop, we expect to need all-hands on deck interactions. Hoping my #MedicareAdvantage, #Medicaid and Commercial health plan friends are all ready (as well as your member-facing vendors too)! With #CAHPS and #MemberExperience remaining a key priority in #MA #StarRatings, this is a vital time to remind leaders that #ThisIsCAHPS. It will require incremental expense, documented adequately to serve as documentation for potential legal or financial recovery suits in the future. This means we're going to need our CFOs involved to authorize rapid budgets, and potentially more/better vendored flex support to get through what promises to be a busy summer within the #Stars world! #NotBusinessAsUsual ⭐ ⭐ ⭐ ⭐ ⭐
Melissa Newton Smith’s Post
More Relevant Posts
-
IT, XaaS, Cyber, Privacy, AI, IP, Cloud, CRM, eCommerce, ERP, Crypto-NFT-Blockchain, eDiscovery, Arbitrator, Mediator, Court-Appointed Neutral, Trial Lawyer, Board Director, Blogger & lawyer at VOGEL IT LAW.
INTERNET, IT & E-DISCOVERY BLOG: Healthcare breach at UT Southwestern! https://lnkd.in/gfyTknjx https://lnkd.in/gqFg2B_j SCMagazine.com reported that “Dallas-based UT Southwestern Medical Center had data from almost 2,100 individuals compromised following a data breach, The Dallas Morning News reports.” The March 12, 2024 report entitled “UT Southwestern breach hits over 2K patients” (https://lnkd.in/gdRjfhHi) included these comments a UT Southwestern spokesperson: We are assessing the data to prepare notifications to those impacted in accordance with federal regulations. The incident involved internal use of unapproved software and did not involve a cyberattack or external exposure of data,… And these comments: Threat actors were able to access patients' medical and health insurance details, as well as their birthdates and addresses, noted UT Southwestern in a filing with the Office of the Texas Attorney General, which also noted upcoming notifications to affected individuals. Such a breach comes months after UT Southwestern disclosed being among the more than 2,700 organizations impacted by the widespread MOVEit hack conducted by the Cl0p ransomware operation. The development also follows an IBM study noting mounting data breach costs, especially in the healthcare sector, which logged an over 50% increase in average breach spending since 2020 to $11 million last year. Unfortunately Healthcare is a large target! #cyber #healthcare
To view or add a comment, sign in
-
Cyberattack on UnitedHealth’s Change Healthcare Disrupts U.S. Healthcare for Seventh Day! The healthcare sector is grappling with a cyberattack on UnitedHealth’s Change Healthcare, now in its seventh day, causing significant disruptions. The attack has affected over 90% of the nation’s pharmacies, forcing them to deploy electronic workarounds for payment and revenue cycle management. UnitedHealth discovered the breach, suspected to be a nation-state-associated threat, last week. The company immediately isolated and disconnected the impacted systems. Change Healthcare, which merged with Optum in 2022, is crucial for processing claims and managing payments for more than 100 million patients in the U.S. The fallout has not yet impacted provider cash flows, as payments are typically issued one to two weeks after processing. However, the disruption highlights the vulnerability of the healthcare sector to cyberattacks. In 2023, a record 725 large healthcare security breaches were reported, underscoring the attractiveness of health data to cybercriminals. CVS Health and Walgreens have reported that their operations have been affected, with difficulties in processing insurance claims and filling prescriptions. The breach underscores the need for senior healthcare leaders to dedicate resources to cybersecurity and foster a culture where everyone is part of the cybersecurity team. This incident is a stark reminder of the importance of cybersecurity in the healthcare industry. It’s not just an attack on Change Healthcare, but an attack on the entire sector. As we move forward, it’s crucial for organizations to strengthen their defenses and for individuals to take steps to protect their personal data. #Cybersecurity #Healthcare #DataBreach #UnitedHealth #ChangeHealthcare #PharmacyDisruption #CyberAttack
To view or add a comment, sign in
-
The ransomware attack on UnitedHealth’s Change Healthcare subsidiary last month not only brought to light how attractive the data-rich U.S. health-care industry is to hackers and how devastating the consequences for patients and doctors, but also how sophisticated cyber criminals are becoming when targeting vulnerable sectors. The breach, which took place more than three weeks ago, prompted the U.S. Department of Health and Human Services this week to launch an investigation into UnitedHealth. In a statement, the HHS Office for Civil Rights said it’s investigating the cyberattack due to its “unprecedented magnitude.” Change Healthcare is the largest clearinghouse for insurance billing and payments in the U.S. Since the February 21 attack, the thousands of doctors, hospitals and other health providers that depend on Change Healthcare for billing reimbursements have not been paid as the company works to bring its systems back online. UnitedHealth told CNBC in a statement that it will cooperate with the investigation from the OCR. “Our immediate focus is to restore our systems, protect data and support those whose data may have been impacted,” the company said. “We are working with law enforcement to investigate the extent of impacted data.” The breach, no doubt, is a nightmare for health providers who claim they are running out of cash to run their practices as they wait for Change Healthcare payments, as well as for consumers who are seeing delays in getting prescriptions filled or procedures approved. But it also underscores a much bigger problem: the vulnerability of the entire U.S. health-care sector. https://lnkd.in/dATFvazA #uhc #clearinghouse #cybersecurity #ransomware #ransomwareprotection #healthcare #healthcareinnovations #healthcaretechnology #healthcareprofessionals #healthcareproviders #healthcaresystems #doctors #healthinsurance #technology #innovation #patientdata #patients #hospitals #cybercrime
To view or add a comment, sign in
-
Cyber Security Consultant | Cyber Security Analyst | Lead Auditor | PCI QSA | Bug Bounty Hunter | Penetration Tester | Cloud DevOps Engineer | Automation Engineer | AWS Engineer
Massive Data Breach at UnitedHealth Affects “Substantial Proportion of People in America” The UnitedHealth cyber breach saga seemingly keeps getting worse. If you recall, UnitedHealth Group disclosed that a #ransomware #attack targeting its subsidiary, Change Healthcare, led to the theft of private healthcare data concerning a significant number of Americans. While specific figures on the number of individuals affected were not disclosed, the company indicated that the stolen data could potentially impact a vast swath of the U.S. population. Change Healthcare, a key player in the health tech sector, processes insurance and billing information for numerous healthcare providers nationwide, thereby accessing extensive health data on roughly half of all Americans. Based on initial targeted data sampling to date, the company has found files containing protected health information (#PHI) or personally identifiable information (#PII), which could cover a substantial proportion of people in America. To date, the company has not seen evidence of exfiltration of materials such as doctors’ charts or full medical histories among the data. The breach was first brought to light when a new hacking group, known as #RansomHub, began to publish parts of the stolen data online in an attempt to extract a secondary ransom from UnitedHealth. Despite prior payments totaling $22 million to another group, #ALPHV, for an earlier breach, UnitedHealth confirmed they again conceded to a ransom demand to safeguard patient data from further exposure. The ongoing situation underscores the severity of the breach, which not only compromised patient information but also significantly disrupted healthcare services across the country, resulting in substantial financial losses for UnitedHealth. UnitedHealth's handling of the incident has come under scrutiny as the healthcare system continues to grapple with the aftermath of the attack. With disruptions causing widespread outages in pharmacies and hospitals, the attack has had far-reaching implications for patient care and financial stability within the sector. As the company works through the extensive data review process, which is expected to take several months, the broader implications for healthcare data security and ransomware attacks on critical infrastructure are becoming starkly apparent. #cyberattacks #healthcare #ransomware #threatactors
To view or add a comment, sign in
-
Partner at DHW CPA's specializing in Tax | Accounting | Retail | Food & Beverage | Manufacturing & Distribution | Transportation | Restaurant | Grocery
The theft of valuable protected health information (PHI) is a growing concern. Over half of healthcare CFOs (51%) say privacy breaches are a bigger risk in 2024 compared to 2023, according to BDO’s 2024 Healthcare CFO Outlook Survey. Cybercriminals exploit patient information and the repercussions from a cyberattack can be severe. Click on the link below to learn more and ask me how I can help! https://lnkd.in/eSyD5iWi
Healthcare Security in 2024: The Cyberthreat Landscape
https://dhw.cpa
To view or add a comment, sign in
-
Answering 7 Key Questions About Change Healthcare’s Cyberattack – MedCity News - MedCity News #Cyberattack on Change Healthcare Change Healthcare recently experienced a cyberattack that affected its systems and services. Here are 7 key questions answered about the incident: #1: What Happened? Change Healthcare was targeted by a hacker who gained unauthorized access to their systems. #2: When Did the Cyberattack Occur? The cyberattack occurred recently, but the exact date has not been disclosed. #3: What Data Was Compromised? It is unclear what specific data was compromised during the cyberattack. #4: How Did Change Healthcare Respond? Change Healthcare immediately took action to investigate and contain the cyberattack. #5: What Impact Did the Cyberattack Have? The cyberattack caused disruptions to Change Healthcare's systems and services. ai.mediformatica.com #healthcare #providers #change #changehealthcare #government #cyberattack #news #medcity #cybersecurity #optum #payments #ransomware #digitalhealth #healthit #healthtech #healthcaretechnology @MediFormatica (https://buff.ly/3PcJRGK)
Answering 7 Key Questions About Change Healthcare’s Cyberattack - MedCity News
https://medcitynews.com
To view or add a comment, sign in
-
⚠ Geisinger Faces Data Security Breach ⚠ : Patient Info at Risk [#DataBreach #HealthcareSecurity] Geisinger, a prominent healthcare provider, recently disclosed a data security incident exposing patients' personal and medical information. The breach occurred between May 24 and June 2, 2024, affecting an undisclosed number of patients. Compromised data includes names, addresses, dates of birth, medical record numbers, insurance details, and limited clinical information. 🔍Key Actions Taken: - Notification of impacted patients - Complimentary identity protection services offered - Enhancement of security protocols Navigating the Aftermath: How does this incident shift your perspective on data security within healthcare? What measures do you believe are essential to fortify digital defenses against such breaches? Let's collaborate in the comments below. Sharing insights and strategies can empower us to better protect sensitive patient information in an increasingly digital healthcare landscape. #CyberSecurity #InfoSec #PatientDataProtection #DigitalHealth #HealthcareIT Read more about the incident and Geisinger's response: https://lnkd.in/g7inA_3f
Geisinger provides notice of Nuances data security incident
geisinger.org
To view or add a comment, sign in
-
On February 21, cyber criminals accessed Change Healthcare’s computer systems, encrypted vital IT data, and claimed to have stolen six terabytes of sensitive information, including personally identifiable information and medical records. In response to the attack, Change Healthcare disconnected its systems – paralyzing hospital and pharmacy systems, claims approvals, and billing and payment systems across the country. It was arguably the most significant cybersecurity disruption to healthcare in U.S. history. UnitedHealth Group, Change Healthcare’s parent company, paid a $22 million ransom to the cyber criminals to reduce the risk of the stolen medical data being publicly disclosed – and an additional $3.3 billion to affected providers. These losses don’t include the forensic, incident, and legal costs needed to respond to the attack. In its 2024 first-quarter report, UnitedHealth Group reported a loss of $872 million in “unfavorable cyberattack effects.” Don't Forget About ERISA in Your Health Plan’s Cybersecurity Efforts: Important Reminders for Plan Fiduciaries in the Wake of Healthcare Cyberattack. Jenny Kiesewetter attorney at Fisher Phillips provides those reminders here: https://lnkd.in/eaR_kzXh #erisa #fiduciary #fiduciaryduty #cyberattack #cubersecurity
Don't Forget About ERISA in Your Health Plan’s Cybersecurity Efforts: Important Reminders for Plan Fiduciaries in the Wake of Healthcare Cyberattack
https://www.jdsupra.com/
To view or add a comment, sign in
-
I help small business owners streamline and secure their IT & systems to boost growth & productivity | Family Guy | Tech Enthusiast | Early Adopter | Tinkerer | Specialist in Microsoft Intune, Remote Work & WFH Solutions
Did you know that healthcare data breaches can affect millions? A staggering 9 million patients were impacted by a recent healthcare data breach. It highlights the critical need for enhanced data security in the healthcare sector. Protecting patient information is not just about compliance; it’s about trust. In an era where data is gold, how can healthcare providers strengthen their defenses against such breaches? #HealthcareSecurity #DataBreach #PatientTrust #ExpertlyManagedIT #ITSupport https://lnkd.in/eGGZQ8HX
Concentra Confirms Almost 4 Million Patients Affected by PJ&A Data Breach
https://www.hipaajournal.com
To view or add a comment, sign in
-
Whoa. A huge story you might have missed: "Change Healthcare is experiencing a cyber security issue.' The attack led to a nationwide outage of a network designed to communicate data between healthcare providers and insurance companies. - "On February 21, 2024, UnitedHealth Group identified a suspected nation-state associated cybersecurity threat actor had gained access to some of the Change Healthcare information technology systems," - Change processes 15 billion healthcare transactions each year, and its "clinical connectivity solutions" touch a third of U.S. patients. - The American Hospital Association is recommending that its members consider disconnecting from Optum's services until ...resolved. - Pharmacies across the United States are still grappling with substantial disruptions ... as reported by multiple pharmacy chains. Get updates on the AHA Website: https://lnkd.in/gFAHjJFp #cyberawareness #healthcarecompliance #databreach #healthcaredata
Optum expects Change Healthcare disruption to last for at least another day
fiercehealthcare.com
To view or add a comment, sign in
Building Conversation Bridges
1moSuper summary as always, Melissa. Have you been keeping tabs on the Ascension ransomware attack? Downright scary. It's really tough to hear how hard it is to create a conversation with members and patients around issues like these. We've seen this so often in other industries, but the physical and psychological safety here in healthcare takes it to a dangerous level for both patients and clinicians. We may hear more from certain members inbound, but the fear may keep some from reaching out at all. Summer of Stars beginning hot 🌡