In April, nearly 15 million people were affected by data breaches involving unsecured protected health information (PHI), according to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR).
The largest example comes from the Kaiser Foundation Health Plan (13.4 million), but a variety of community healthcare providers comprise the majority of individual filings that are posted publicly when breaches affect 500 or more individuals. For March, HHS reported nearly 3 million people.
A U.S. Senate hearing addressing February's massive Optum/Change Healthcare data breach and system hacking was held May 1. Andrew Witty, CEO of UnitedHealth Group, which owns Change Healthcare, faced harsh comments and questions.
"Last year, UHG generated $324 billion in revenue, making it the 5th largest company in the U.S. Overall, the company touches 152 million individuals across all lines of business -- insurance, physician practice, home health, and pharmacy," said Sen. Ron Wyden (D-OR) said in a statement." With its profits, UHG has purchased dozens of other healthcare companies and is the largest purchaser of physician practices. This corporation is a healthcare leviathan. UHG was a big target long before it was hacked."
Change Healthcare maintains records of about 211 million people going back more than 10 years, Wyden said, and he criticized the company for not being able to identify the types of patient information taken by cyberattackers.
Witty said he believed medical claims flow across the U.S. has returned to normal, that deadlines would be waived for timely filings and appeals for claims, and the company would consider paying meaningful compensation to providers and plans that have had their businesses disrupted.