Nebraska Attorney General Mike Hilgers has filed a lawsuit against Change Healthcare, a UnitedHealth Group (UHG) subsidiary, alleging negligence in handling a ransomware attack that compromised sensitive health data and disrupted critical healthcare services in February. The lawsuit highlights failures in implementing proper cybersecurity measures, resulting in data theft affecting millions and leaving healthcare providers struggling with financial and operational burdens.
The lawsuit underscores the severity of the breach, which exposed the personal information of approximately 100 million Americans and caused widespread disruption within the healthcare industry.
Hilgers is seeking civil penalties, restitution, and enhanced security measures to protect Nebraska residents from future threats.
Why It Matters: This lawsuit highlights the growing impact of cybersecurity lapses in critical industries like healthcare, where data breaches can lead to severe privacy violations and operational paralysis. The incident underscores the need for stricter data security practices, transparency in breach notifications, and accountability for companies handling sensitive information.
- Major Operational Disruption: The ransomware attack forced Change Healthcare to halt processing services, delaying millions of medical transactions, leaving prescriptions unfilled, and impeding patient care for weeks.
- Massive Data Breach Scope: Sensitive health information of around 100 million Americans, including 575,000 Nebraskans, was exposed in one of the largest breaches in U.S. history.
- Negligence Allegations: Nebraska’s AG claims Change Healthcare failed to implement adequate security measures and delayed notifying affected residents, leaving them vulnerable to fraud and scams.
- Financial and Care Impact: Healthcare providers faced significant financial strain, with some systems reportedly losing over $100 million per day during the outage, exacerbating cash flow and service delays.
Nebraska Sues Change Healthcare Over February Ransomware Attack – The HIPAA Journal