The American Medical Association (AMA) urged UnitedHealth (UHG) to keep patients and physicians informed of its plans following a cyberattack on April 22, which has led to suspended claim payments and inability for practices to function effectively. The AMA is pressing Congress to provide resources to help medical practice recover and fend off future cyberattacks. The Medical Group Management Association (MGMA) demanded that responsibility for breach notifications rests with Change Healthcare and UnitedHealth, not the providers.
Change Healthcare lacked safeguards even as it gave security advice
UnitedHealth’s CEO confirmed a lack of cybersecurity enforcement led to the ransomware attack on Change Healthcare in February. A group called BlackCat/ALPHV used compromised credentials