Hospital associations are urging UnitedHealthcare's CEO to provide a breach notification on behalf of the hospitals and health systems affected by the Feb. 21 attack on its subsidiary Change Healthcare.
Hospital groups including the American Hospital Association, Children's Hospital Association, Federation of American Hospitals and more wrote a letter May 8 to UnitedHealth Group CEO Andrew Witty urging him to formalize "intentions regarding any breach notifications following the cyberattack on Change Healthcare."
In an April 22 news release from UnitedHealth Group, the company said it would provide a breach notification once it learned what kind of information was compromised. The company also said it would handle notifications and associated administrative tasks for any provider or customer that was affected by the breach.
But the hospital associations want UnitedHealth Group to notify HHS' Office for Civil Rights, state regulators, Congress, the media and other relevant stakeholders that it agrees to handle breach notifications for all the parties it covers, acting on their behalf.