UnitedHealth Group faces wave of lawsuits over cyberattack fallout
The company’s subsidiary Optum Solutions came under a cyberattack in February, affecting the data of an unknown number of individuals.
UnitedHealth Group is facing multiple class action lawsuits alleging negligence in safeguarding individuals’ personal data following the recent cyberattack on its payment processing unit, Change Healthcare.
The lawsuits, numbering at least six currently, are seeking consolidation in federal court in Nashville, Tennessee, where Change is based. Plaintiffs anticipate additional lawsuits to be filed.
The full extent of potential litigation remains uncertain due to the lack of clarity regarding the scope and nature of the compromised information from the attack, attributed to the ransomware group BlackCat.
According to the Health Insurance Portability and Accountability Act (HIPAA), companies must notify affected individuals of data breaches within 60 days of discovery. Moreover, for breaches impacting over 500 individuals, notification to federal regulators and major media outlets is mandatory. Despite this, UnitedHealth has not issued such notifications thus far.
About author
DW Team
The GIP Digital Watch Observatory team, consisting of over 30 digital policy experts from around the world, excels in the fields of research and analysis on digital policy issues. The team is backed by the creative prowess of Creative Lab Diplo and the technical expertise of the Diplo tech team.