What many industry observers suggested is now confirmed: The Change Healthcare cyberattack earlier this year affected personal information of 100 million people, making it the nation’s largest-ever breach of healthcare data. Parent company UnitedHealthcare recently updated the Department of Health and Human Services’ Office for Civil Rights confirming the scope of the impact. However, it could be months or years before the department completes its investigation of Change and determines a financial penalty if it finds noncompliance with HIPAA regulations. According to HIPAA Journal, the maximum penalty could be somewhere in the range $2.1 million. The immediate cost of the breach has now risen to $2.457 billion, according to UnitedHealth Group’s recent earnings report. The scope of the Change breach is second only to a 2015 breach at Anthem that compromised 79 million people in 2015.
That’s about right: Early in the saga of the Change Healthcare cyberattack, company officials estimated that the personal and health data of about one-third of Americans was affected by the breach. And as it turns out, that was accurate. The current US population is 345 million.
Read More
- What Did We Learn From the Change Healthcare Outage?
- Quantifying the Change Healthcare Cyberattack
- Education is Key to Avoiding Increasingly Sophisticated Cyber Crime