News & Knowledge

Add to Portfolio

VLP Partner Melissa Krasnow Quoted in Wall Street Journal Pro Cybersecurity article “Federal Authorities Say UnitedHealth Can Notify Victims of Massive Data Breach”

Posted on Jun 17, 2024 in Privacy, News by Melissa Krasnow

VLP Partner Melissa Krasnow was quoted in the Wall Street Journal Pro Cybersecurity article “Federal Authorities Say UnitedHealth Can Notify Victims of Massive Data Breach.”

This article discusses the U.S. Department of Health and Human Services allowing UnitedHealth Group to notify people whose data was exposed during a ransomware attack on its Change Healthcare unit in February, meaning UnitedHealth can notify victims of the many U.S. hospitals and healthcare providers whose patients were affected by the hack. This is an exception to the federal Health Insurance Portability and Accountability Act, which generally mandates that the provider notify victims.

The costs of disclosing a data breach vary. Companies need to identify the people affected, find their addresses and print and mail letters or hire a company to do it. Breached businesses often set up a separate customer service line for people to call with questions. Some states require companies to offer free credit-monitoring to help victims prevent identity theft. Even when not required, companies often do it anyway.

According to Ms. Krasnow: “Companies also frequently hire outside counsel, forensic experts to investigate the breach and public relations firms…[and cyber] insurance often covers notification expenses….”

Click here to read the entire article.