In response to a crippling cyberattack on its subsidiary, Change Healthcare, the Biden administration has launched an investigation into UnitedHealth Group. The attack has not only disrupted health-care payments but has also potentially exposed the private data of millions of patients. The Department of Health and Human Services (HHS) announced on Wednesday that the investigation would focus on evaluating the extent of the breach and assessing compliance with the Health Insurance Portability and Accountability Act (HIPAA), which safeguards patients' confidential information.

The HHS Office for Civil Rights stated in a press release, "Given the unprecedented magnitude of this cyberattack, and in the best interest of patients and health care providers, OCR is initiating an investigation into this incident." This move aligns with past actions taken by the federal government to investigate and penalize health-care organizations for data breaches. Notably, in 2020, Anthem paid a $16 million settlement following a data breach in 2015 that impacted 79 million individuals' protected health information.

Industry experts have labeled the February 21 attack on Change Healthcare, the largest processor of medical claims in the country, as the most significant incident of its kind in the history of the U.S. health system. The hackers stole patient data, encrypted company files, and then demanded a ransom to unlock them. UnitedHealth Group has declared its cooperation with the investigation, stating that their immediate priority is restoring their systems, protecting data, and supporting those affected by the breach.

Health-care organizations have welcomed the federal investigation, viewing it as a step towards understanding the root cause of the attack and its consequences. Chip Kahn, CEO of the Federation of American Hospitals, applauded HHS, emphasizing the importance of providers being able to focus on patient care while the investigation proceeds.

However, the aftermath of the cyberattack continues to have a significant impact on health-care providers. Three weeks have passed, and many health-care payments remain frozen, causing hospitals and doctors to struggle with meeting payroll. Lawmakers have reached out to UnitedHealth, urging the company to take additional actions to address the ongoing payment crisis.

Recently, the White House held a meeting with UnitedHealth CEO Andrew Witty and other leaders in the health industry, urging them to expedite payments to affected providers. Senator Maggie Hassan from New Hampshire also appealed to President Biden for assistance during his visit to the state, stressing the urgent need for financial support to ensure patient care can be maintained.

Hospitals in rural areas have been particularly affected by the outage caused by the Change Healthcare hack. In a letter addressed to UnitedHealth, Senator Hassan expressed concerns about the dire financial impact on these hospitals, stating that they have seen almost all of their claims and cash flow disappear, necessitating immediate financial assistance.

In response to sustained criticism, the insurance industry, represented by the lobbying arm AHIP, has defended its actions, highlighting the steps taken to support providers and ensure continuity in patient care. However, lawmakers and health-care provider groups argue that these efforts are inadequate. Connecticut's congressional delegation wrote to HHS Secretary Xavier Becerra, urging him to hold UnitedHealth Group accountable and ensure that the company's response meets the severity of the situation.

UnitedHealth has outlined a timeline for bringing its services back online, with plans to commence testing and reestablish its claims network on March 18. Despite these promises, providers in various states report no significant relief, raising concerns about the urgency of the situation.

As the investigation unfolds, the Biden administration is striving to address the critical fallout from the cyberattack on UnitedHealth Group, working to mitigate the impact on health-care payments and secure the privacy of patients' data.

(Note: The information provided in this article is based solely on the context provided by the user, and no additional sources have been referenced.