Attorney General Tim Griffin issued the following statement announcing that his office is initiating an investigation of Change Healthcare, Inc., a unit of UnitedHealth Group, under the Arkansas Personal Information Protection Act and the Arkansas Deceptive Trade Practices Act in light of a February cyberattack:
“I am initiating an investigation into Change Healthcare, Inc., a unit of UnitedHealth Group, to determine whether the confidential medical information of Arkansans was compromised in the late February cyberattack against Change Healthcare and whether any laws were violated. Additionally, my office will look into whether Change Healthcare used reasonable security procedures and practices to protect this information as required by Arkansas law.
“Protecting Arkansans’ personal information and holding organizations accountable for data breaches are two of my responsibilities under Arkansas law.”
The ransomware attack has disrupted billing and healthcare information systems across the country and has threatened hospitals’ ability to care for patients and pay physicians. Earlier this month, the U.S. Department of Health & Human Services announced that it will investigate the cyberattack, citing its “unprecedented magnitude.”
Original source can be found here.