UnitedHealth Faces Multiple Class Action Lawsuits Over Massive Change Healthcare Payment Data Breach

By

UnitedHealth Group faces a wave of legal accusations. This comes in the wake of a cyber-attack last month that targeted Change Healthcare, UnitedHealth's payment processing unit. The healthcare giant stands accused of failing to safeguard its customers' data. So far, six lawsuits have emerged, and more could be on the horizon.

Calls for Consolidation and Unknown Litigation Size

To streamline the legal process, plaintiffs' lawyers in Washington, D.C., filed a motion late on Tuesday. Addressing a federal judicial panel, they proposed consolidating the lawsuits at the federal court in Nashville, Tennessee, home of Change Healthcare's headquarters. The scope of potential litigation remains unclear. Unknowns persist around the volume and nature of compromised information during the BlackCat hacker group's attack.

Shadowy Details and Rumors of Ransom

While UnitedHealth made the attack public on February 21, details surrounding the number of affected people were conspicuously absent from their announcement. A Wednesday statement further confirmed UnitedHealth's primary concern: restoring Change's operations. Although UnitedHealth has yet to comment, rumors swirled around the hacker underworld, suggesting a hefty $22 million ransom was paid to regain locked system access.

HIPAA Fall and Pending Notifications

Under the terms of HIPPA (Health Insurance Portability and Accountability Act), companies are permitted 60 days after discovering a data breach to notify affected individuals of compromised personal information. Notifications are also mandated by additional federal regulators and media outlets, particularly when breaches extend to over 500 people. UnitedHealth has yet to issue such a notice.

The Shutdown of Major Healthcare Operations

Change Healthcare processes approximately 50% of all U.S. medical claims, serving a network of around 900,000 physicians, 33,000 pharmacies, 5,500 hospitals, and 600 laboratories. The cyber-attack slammed the brakes on Change's operations, leaving an array of healthcare providers unable to receive payments. UnitedHealth's official website projected a March 15 resumption of Change's payment processing.

Ramifications of the Breach and Lawsuits

The lawsuit's plaintiffs argue that Change failed to adequately protect personal data, exposing patient information to threats like identity theft and violating privacy. Instances have emerged documenting patients' inability to fill essential prescriptions due to related difficulties in insurance claim processing, leading to potential health risks. Names, Social Security numbers, medical records, and payment details are all cited as potentially compromised. The risks remain high, with one lawsuit suggesting that breach data is being offered for sale on the dark web.

Violation Claims and Where to Consolidate

Now, lawsuits are sprouting, proposing claims of negligence and violation of HIPAA privacy provisions along with other state laws. Four lawsuits already lodged in Nashville against Change are joined by two more in Minnesota against UnitedHealth. There is a significant question of where these grievances should be argued, and this decision is now placed in the hands of the U.S. Judicial Panel on Multidistrict Litigation. Lawyers from Minnesota cases could submit a competing motion, potentially moving the cases to their court jurisdiction.

With all these lawsuits, UnitedHealth's protection of customer data is now under serious scrutiny. The company must navigate this storm carefully and efficiently, ensuring adherence to legal requirements and careful communication with all affected parties. This situation is a potent reminder of the ever-present and growing threat of cybersecurity breaches within the healthcare industry.

Join the Discussion
More Business
Elderly Florida Man Fires Gun at Walmart Delivery Drone, Believed

Elderly Florida Man Fires Gun at Walmart Delivery Drone, Believed It Was 'Surveilling Him': Police

Hired Assassin_12062024_1

Law Enforcement Officials Alert Executives to 'Growing Negative Sentiment' Around 'The Wealthy' After CEO Assassination

Alan Harrison

Alan Harrison: From Naval Officer to Legal Innovator at Sandollar Business & Intellectual Property Law

Thieves Break Into California Wig Shop, Make Off with Dozens

Thieves Break Into California Wig Shop, Make Off with Dozens of Hair Pieces Made for Women with Cancer

Real Time Analytics