(Photo : Getty Images/PATRICK T. FALLON/AFP)
UnitedHealth Group faces a wave of legal accusations. This comes in the wake of a cyber-attack last month that targeted Change Healthcare, UnitedHealth's payment processing unit. The healthcare giant stands accused of failing to safeguard its customers' data. So far, six lawsuits have emerged, and more could be on the horizon.
Calls for Consolidation and Unknown Litigation Size
To streamline the legal process, plaintiffs' lawyers in Washington, D.C., filed a motion late on Tuesday. Addressing a federal judicial panel, they proposed consolidating the lawsuits at the federal court in Nashville, Tennessee, home of Change Healthcare's headquarters. The scope of potential litigation remains unclear. Unknowns persist around the volume and nature of compromised information during the BlackCat hacker group's attack.
Shadowy Details and Rumors of Ransom
While UnitedHealth made the attack public on February 21, details surrounding the number of affected people were conspicuously absent from their announcement. A Wednesday statement further confirmed UnitedHealth's primary concern: restoring Change's operations. Although UnitedHealth has yet to comment, rumors swirled around the hacker underworld, suggesting a hefty $22 million ransom was paid to regain locked system access.
HIPAA Fall and Pending Notifications
Under the terms of HIPPA (Health Insurance Portability and Accountability Act), companies are permitted 60 days after discovering a data breach to notify affected individuals of compromised personal information. Notifications are also mandated by additional federal regulators and media outlets, particularly when breaches extend to over 500 people. UnitedHealth has yet to issue such a notice.
The Shutdown of Major Healthcare Operations
Change Healthcare processes approximately 50% of all U.S. medical claims, serving a network of around 900,000 physicians, 33,000 pharmacies, 5,500 hospitals, and 600 laboratories. The cyber-attack slammed the brakes on Change's operations, leaving an array of healthcare providers unable to receive payments. UnitedHealth's official website projected a March 15 resumption of Change's payment processing.
ALSO READ: Spirit Airlines Battles Survival Odds Amidst Chapter 11 Bankruptcy Risk and Debt Challenges
Ramifications of the Breach and Lawsuits
The lawsuit's plaintiffs argue that Change failed to adequately protect personal data, exposing patient information to threats like identity theft and violating privacy. Instances have emerged documenting patients' inability to fill essential prescriptions due to related difficulties in insurance claim processing, leading to potential health risks. Names, Social Security numbers, medical records, and payment details are all cited as potentially compromised. The risks remain high, with one lawsuit suggesting that breach data is being offered for sale on the dark web.
Violation Claims and Where to Consolidate
Now, lawsuits are sprouting, proposing claims of negligence and violation of HIPAA privacy provisions along with other state laws. Four lawsuits already lodged in Nashville against Change are joined by two more in Minnesota against UnitedHealth. There is a significant question of where these grievances should be argued, and this decision is now placed in the hands of the U.S. Judicial Panel on Multidistrict Litigation. Lawyers from Minnesota cases could submit a competing motion, potentially moving the cases to their court jurisdiction.
With all these lawsuits, UnitedHealth's protection of customer data is now under serious scrutiny. The company must navigate this storm carefully and efficiently, ensuring adherence to legal requirements and careful communication with all affected parties. This situation is a potent reminder of the ever-present and growing threat of cybersecurity breaches within the healthcare industry.
RELATED TOPIC: Biden's New Surveillance Protection Court: Assessing Impacts on Transatlantic Data Trade and Privacy Right
© 2023 Lawyer Herald All rights reserved. Do not reproduce without permission.
Get the Most Popular Lawyerherald Stories in a Weekly Newsletter
Join the Discussion
