Cyberattack Against Change Healthcare Leads to Litigation | Practical Law
In the wake of a widespread cyberattack against a health care technology company and business associate (BA) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) (Change Healthcare, Inc.), an individual affected by the data breach has filed a class action complaint against the BA in a Tennessee district court, asserting various state law claims. In support of the plaintiff's negligence claims, the complaint alleged that the BA failed to safeguard protected health information (PHI) as required under HIPAA's Privacy and Security Rules. The litigation is one of several lawsuits that have recently been brought against the BA or its parent company, a major health insurer, as a result of the cyberattack.