UnitedHealth Group's Change Healthcare said it will take several more months to identify the personal data that was compromised from its Feb. 21 cyberattack, The Wall Street Journal reported Feb. 25.
Sara Goldstein, a partner on the healthcare privacy and compliance team at law firm Baker Hostetler, told the Journal that once Change Healthcare completes the investigation into the attack, it will bring to light an unprecedented breach of data.
"This is a first of its kind in healthcare," Ms. Goldstein said. "Change has tentacles throughout the industry."
On April 22, UnitedHealth said "a substantial proportion of people in America" might have been affected by the incident, although the company added there has been no indication of the removal of items such as physicians' charts or complete medical histories.
Despite this, health system leaders are concerned about what kinds of information could have been compromised.
"One thing that's heartbreaking for us is [that] these are our patients. They're entrusting their care and information to us," Deborah Gordon, chief administrative and legal officer at Houston-based Memorial Hermann Health System, told the Journal.