This is what I got this morning when I tried to log into my (previous) #healthInsurance company's website (which uses #Optum's "Healthsafe ID" for authentication) after 9am to submit a claim from last month (before we switched to new insurance).
It's of course a 
-show that Optum can't keep a mission-critical website up during business hours, and a double -show when they've got a bogus "test" email address displayed in the error message.
Par for the course for Optum, eh?
#changeHealthcare
![Error screen:
[Alert icon]
Something Wrong!
An unexpcted error occurred with the system while processing your request. We are sorry for the inconvenience. Please contact us at 1-800-821-6136 test@optum.com
["Please try again!" button]](https://cdn.masto.host/federatesocial/media_attachments/files/114/274/199/746/506/437/original/b57ba90ea5356e47.png "Error screen:
[Alert icon]
Something Wrong!
An unexpcted error occurred with the system while processing your request. We are sorry for the inconvenience. Please contact us at 1-800-821-6136 test@optum.com
[\"Please try again!\" button]")
https://www.europesays.com/1814744/ 1,000,000 Patients Exposed In Healthcare Provider Data Breach #ChangeHealthcare #CommunityHealthCenter #ComputerSecurity #cybsersecurity #Data #DataBreach #Hacker #hipaa #PatientRecords #PHI #UnitedHealthGroup
Sharp-eyed @zackwhittaker caught this one:
UnitedHealth hid its Change Healthcare data breach notice for months:
Let's make sure Zack's reporting gets indexed.
$UNH’s #ChangeHealthcare unit paid a big ransom—its IT was as weak as a kitten.
February’s huge #UnitedHealth #ransomware hack is now confirmed as the U.S.’s biggest ever #healthcare breach. As you might recall, the scrotes got in via simple credential reuse—there was no #MFA to stop them.
Change Healthcare? More like Change CISO, amirite? In #SBBlogwatch, we wonder why Steven Martin is still in post. At @TechstrongGroup’s @SecurityBlvd: https://securityboulevard.com/2024/10/unitedhealth-change-healthcare-100m-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc
Change Healthcare updated its report to #HHS this week, changing its "marker" report in July of 500 patients affected to 100,000,000 patients affected.
It's not clear to me whether that is the final report on the number affected or if it is just an updated interim figure with a lot more to come. I've emailed Change to inquire and will update this if I get a reply.
In the meantime, if you need a refresher on what happened with this incident and the current situation with the incident, read @zackwhittaker report on @TechCrunch
Happy #ChangeHealthcare #breachNotification to all who celebrate!
We got ours yesterday. When did you get yours?
There's too much for alt text, so I've posted a PDF with text at https://drive.google.com/file/d/1TcFGL-MuuMArhCISNM5MmT3yvtYpkGr-/view.
(There are 4 more pages in the reply.)
This is the worst breach notification I've seen in a long time.
Of note: because Change Healthcare does everything badly, you have to call them to get the free credit monitoring; there's no way to do it online.
#infosec #privacy #cybersecurity #breach
My #HealthInsurance company, #GEHA, was impacted by the #ChangeHealthcare #Ransomware attack; they were unable to send out EOBs or reimbursement checks for several months and had to implement a replacement process from scratch.
EOBs and checks started flowing again eventually via the new process. Alas, there's a problem: there's a bug in the system, and they're sending out some duplicate EOBs *and duplicate checks*.
How much do you suppose this will cost them?
#UnitedHealth's 'egregious negligence' led to #ChangeHealthcare #ransomware infection
'I'm blown away by the fact that they weren't using MFA'
The #cybersecurity practices that led up to the stunning Change Healthcare ransomware infection indicate "egregious negligence" on the part of parent company UnitedHealth, according to Tom Kellermann, SVP of cyber strategy at Contrast Security.
https://www.theregister.com/2024/05/08/unitedhealths_egregious_negligence/
The good news: 2 of my dependents hit their deductible on our High-Deductible Health Plan, so the insurance company will now start paying for most of their recurring expenses (we still have to pay copays, up to the out of pocket max, which we probably won't hit).
The bad news: the insurance company was impacted by the #ChangeHealthcare breach, and they _just_ figured out how to send out checks themselves, so they have to work through months of backlog before we'll see any money.
#HealthInsurance
Health care giant comes clean about recent hack and paid ransom - Enlarge (credit: Getty Images)
Change Healthcare, the health c... - https://arstechnica.com/?p=2020827 #changehealthcare #prescriptions #ransomware #security #biz&it
It's possible that the delay is due to the #ChangeHealthcare #SecurityIncident, but it's equally possible that the surgeon's office is overworked and understaffed and just hasn't gotten around to filing the secondary insurance claim. After all, why would they feel like they have to prioritize it, when they already have my money?
Change Healthcare Update
Change Healthcare and United Health have put out additional information.
I know most clinicians won't but I'm making the decision to give my clients a heads-up right now given:
a) Change Healthcare seems to be offering people who call two years of free credit monitoring, &
b) They say it will take months before they notify anyone what data was actually breached, &
c) Data on a huge percentage of the US population has been breached.
I'm posting a few quotes below with my commentary in red. Those interested should read the articles at the links provided for more.
Change Healthcare: Hack affects a 'substantial proportion of people in America'
https://www.beckershospitalreview.com/cybersecurity/change-healthcare-hack-affects-a-substantial-proportion-of-people-in-america.html
"Change Healthcare says data stolen by hackers in a February cyberattack likely covers a 'substantial proportion of people in America.'"
It's a huge breach -- almost certainly effects your clients. 1 in 3 patient records nation-wide effected.
"The company set up a website and hotline for more information on the data breach and is offering two years of free credit monitoring and identity theft protection for anyone affected."
More below.
Change Healthcare Cyberattack Support
https://www.unitedhealthgroup.com/ns/health-data-breach.html
"A dedicated call center is available to offer free credit monitoring and identity theft protections for two years to anyone impacted." Call 1-866-262-5342
Given that they are offering credit monitoring in advance of knowing who/what data was breached, I'm guessing they are giving it to anyone who calls. Hopefully.
Even if your clients don't care about medical data being leaked, the data could also be such that thieves could establish credit in client's names. So everyone needs to lock down their credit and monitor from now on.
How to place or lift a security freeze on your credit report
https://www.usa.gov/credit-freeze
"The call center will also include trained clinicians to provide emotional support services."
Oh, the sweet cynical irony...
UnitedHealth Group Updates on Change Healthcare Cyberattack
April 22, 2024
https://www.unitedhealthgroup.com/newsroom/2024/2024-04-22-uhg-updates-on-change-healthcare-cyberattack.html
"Given the ongoing nature and complexity of the data review, it is likely to take several months of continued analysis before enough information will be available to identify and notify impacted customers and individuals."
Don't expect any timely information. Lock your credit down now.
"To help ease reporting obligations on other stakeholders whose data may have been compromised as part of this cyberattack, UnitedHealth Group has offered to make notifications and undertake related administrative requirements on behalf of any provider or customer."
This would seem to imply they will do formal breach notifications for providers. Someday... Tell me more please how to make this happen...
But... see article below...
"Change Healthcare Service Restoration"
They claims their systems are back to 80%+ operational status. Read for details, but really -- what matters is if you have noticed if your claims submissions, EFT, and ERA are working again.
HHS: No breach notification from Change
https://www.beckershospitalreview.com/cybersecurity/hhs-no-breach-notification-from-change.html
One wonders how vigilant they will be given this story.
"HHS said it has not received a breach notification from UnitedHealth's subsidiary Change Healthcare in the wake of the February cyberattack it suffered." (as of April 19th)
"HHS did say HIPAA-covered entities have at least 60 days to report a breach from the date it was discovered. The Change hack occurred Feb. 21."
"Additionally, HHS said any covered entities that have been affected by the breach must report it if protected health information has been compromised."
Huh. So... United Health seems to be saying they will undertake breach notifications on the part of any provider, but HHS says it is our responsibility. I'm confused.
My non-legal speculative opinion is that this is not yet my problem as I have not been notified of any breach by United Health or Change Healthcare. Right? Won't be so for months.
-- Michael
--
Michael Reeder, LCPC
Hygeia Counseling Services : Baltimore / Mt. Washington Village location
http://www.hygeiacounseling.com - main website.
#psychology #counseling #socialwork #psychotherapy #EHR #medicalnotes #progressnotes @psychotherapist @psychotherapists @psychology @socialpsych @socialwork @psychiatry #mentalhealth #technology #psychiatry #healthcare #patientportal
#HIPAA #dataprotection #infosec @infosec #doctors #hospitals #BAA #businessassociateagreement #insurance #UnitedHealth #UBH #optum #ChangeHealthCare #HHS #billing #medicalbilling #EFT #claims
If you missed the House committee hearing on the Change Healthcare attack, it's up on YouTube at https://www.youtube.com/watch?v=iLjcOzmSmDY
Neither Change Healthcare nor UntiedHealth Group were testifying at this one (it was by invite only). They had reportedly briefed the committee earlier.
Senate hearing should be on April 30 and it sounds like UHG CEO WItty will be the only one scheduled to testify so far.
#Ransomware gang starts leaking stolen #ChangeHealthcare data
Screenshots seen by Axios suggest hackers have stolen a trove of sensitive information, including patients' #hospital bills, financial documents and company contracts.
There's currently a countdown on RansomHub's dark-web leak site threatening to publish data on Friday.
Change Healthcare, provides billing support to #pharmacies and #insurers, has been cleaning up fallout from a ransomware attack since February.
https://www.axios.com/2024/04/16/change-healthcare-data-leak-ransomware
Ransomware gang publishes part of stolen Change Healthcare records
#ransomware #cyberattack #databreach #privacy #dataprivacy #cybersecurity #infosec #ChangeHealthcare
"To be clear, we are still determining the content of the data that was taken by the threat actor, including any PHI/PII." #uhg #changehealthcare #ransomware
UPDATE: I see lots of people of suddenly just discovered this series of posts.
It is still the case that providers are not being paid.
You might be interested in seeing this post that showed up on Reddit yesterday, by a therapist who was already getting stiffed by insurance company shenanigans before this started, and has now gone 4 months without being paid:
https://www.reddit.com/r/therapists/comments/1bpihpv/2024_has_convinced_me_to_become_a_private_pay/
("Credentialed" here means "signed up to take an insurance with an insurance company".)
Much angsty discussion ensues among therapists about taking insurance.
And here's an account just published of doctors having not been paid for a month:
https://www.ctinsider.com/columnist/article/doctors-struggle-change-healthcare-shutdown-19366494.php
It points out something that the Reddit post alludes to: providers apparently can't submit prior authorization requests, either. That means that when they DO submit bills for those services, they'll be denied.
@psychotherapists #ChangeHealthcare #therapistsConnect #psychotherapists
Welp, I'd thought my family wasn't impacted by the #ChangeHealthcare attack, but it turns out it's why my #healthInsurance company isn't mailing out EOBs or displaying them on their website. "#GEHA is actively working on a contingency plan to restore both provider and member payment processing as well as access to impacted member and provider documents," they say. No ETA given for when that contingency plan will take effect. *sigh* #infosec #cybersecurity #ransomware #healthcare
Amid paralyzing ransomware attack, feds probe UnitedHealth’s HIPAA compliance - Enlarge (credit: Getty | Bloomberg)
As health systems around t... - https://arstechnica.com/?p=2010259 #changehealthcare #unitedhealth #cyberattack #ransomware #science #health #policy #hipaa #hhs
‘Return What You Stole and Be a Man With Dignity’
https://prospect.org/health/2024-03-11-change-unitedhealth-ransomware-pharmacies/ #ChangeHealthcare #UnitedHealth #hack #Ransomware #attack #responsibility #cheating
