Posted on 10/24/2024 2:26:58 PM PDT by DFG
It's being called the largest ever breach of protected patient health information by a government-regulated medical company in America's history.
Change Healthcare, owned by UnitedHealth Group, fell victim to a cyberattack eight months ago, but revealed on Thursday that 100 million people had been impacted.
That surpassed the previous recordholder for worst breach of US patient data: a 2015 episode at Anthem Inc. that compromised 78.8 million individuals.
The first official report by Change Healthcare, which manages revenue and payments for medical providers, estimated in July that only 500 people had been compromised.
Now, the scope of the February 21 ransomware attack has spurred Congress to call for lifting the cap on how much a negligent healthcare firm can be fined.
'The healthcare industry has some of the worst cybersecurity practices in the nation,' Senator Mark Warner said, 'despite its critical importance to Americans' well-being and privacy.'
Today, existing legislation provides a ceiling of $2 million per violation for offenders of the Health Insurance Portability and Accountability Act (HIPAA).
If passed, these 'commonsense reforms' would also 'include jail time for CEOs that lie to the government about their cybersecurity,' Wyden added.
The hack, which Change Healthcare's parent company attributed to a 'foreign nation' this past winter.
Anthem was fined $16 million, the largest penalty imposed for a HIPAA violation, but experts worry such a fine would barely deter today's healthcare giants.
Change Healthcare alerted the Department of Health and Human Services' Office for Civil Rights (OCR) on July 19, noting their internal investigation was ongoing.
Industry observers at the HIPAA Journal noted that the big round number of 100 million, issued in Change's update this month, suggests that 'it is possible that that figure will change.'
(Excerpt) Read more at dailymail.co.uk ...
Got these notices a month ago. Can't find which of my providers use Change. Likely they all do.
My Rx says they don't.
How about we give bonuses to the good companies instead of forever fining the bad players?
We got some notices, too, and I meant to check into them but haven’t yet. The company plan is part of United Healthcare. Crud.
We are not
We have Florida Devoted PPO
Guess that explains the massive increase in blacklisted email and spam.
Nothing is private anymore. It’s fun to have bogus info out there to play games with.
These hacks are used to identify people who have had recent surgeries or other complicated treatments and send them fake bills for some “uncovered” portion of surgery or treatment. Often “consultation services” or some specious “testing” that never happened and the outfit isn’t real. The sums are usually a few hundred bucks.
Most people pay their bills, but even if you don’t pay up, they sell the fictitious medical debt to debt collectors and make a few pennies.
Your information is sold on to other criminal enterprises with other scam models. This is why you suddenly start getting fake invoices by email or text. Or fake refunds asking for you to log in and verify your account info to process the refund.
Everyone in the world is out to rip off Americans every way they can.
I just got a letter from these guys on Monday telling me that I have been compromised.
I already have a thing for Experian from an AT&T data breach.
What the heck is going on?
The US government mandated that all hospitals be on electronic medical records. The rush to get software up and running meant a lot of foreign nationals had their hands in its development. The companies in charge of this junk put government mandated functionality above personal information security.
That means your health care data is the least secure information on the internet.
Guess what: HIPAA should protect you in this situation, but every healthcare facility makes you sign your rights away so they can give your data to organizations such as Change for billing and administrative purposes.
Give a bonus for doing their job????
Their “remedy” with credit monitoring etc has been rated as lowest cost garbage.
I was wondering about that. Of what use would medical information be? Now I know. My concern is that financial information is also in those records. I found that out the hard way when unauthorized charges were made to my credit card because I’d used it to pay a deductible.
I’ve had my cards, debit and credit, compromised so many times it’s not funny.
Here’s what I’ve learned:
Always pay cash at gas stations when you travel.
Never let the waiter take your card to the front to run it for you.
Sign up for text or email receipts so you can spot fake transactions quicker because that gives the bank more ability to claw the funds back.
Use your credit card, not debit online or when you travel. The protections are more robust.
Avoid auto-pay authorisation as much as possible. They become hard to keep track of and you might not notice an extra one for a small amount that is for a bogus service you didn’t sign up for.
Avoid companies who offshore customer support to India and other Asian countries.