Change Healthcare, a subsidiary of UnitedHealth Group, was hit with a ransomware attack in late February that has disrupted billing operations around the country.
Change manages payments systems for payers, providers and patients in the U.S. The Justice Department wrote in 2022 court filings that Change handles half of all medical claims in the country.
According to a survey from the American Hospital Association, more than 80 percent of hospitals say their cash flow has been affected by the attack on Change.
HHS announced its probe into the incident on Tuesday.
“Given the unprecedented magnitude of this cyberattack, and in the best interest of patients and health care providers, OCR is initiating an investigation into this incident,” the agency said in a statement.
“OCR’s investigation of Change Healthcare and UHG will focus on whether a breach of protected health information occurred and Change Healthcare’s and UHG’s compliance with the HIPAA Rules.”
Secretary Xavier Becerra and Deputy Secretary Andrea Palm also met with health care community leaders this week to go over actions that will help limit the harm of the attack.
When reached for comment, UHG said in a statement, “We will cooperate with the Office of Civil Rights (OCR) investigation. Our immediate focus is to restore our systems, protect data and support those whose data may have been impacted. We are working with law enforcement to investigate the extent of impacted data.”