Excerpt from HIPAA Journal Article, Published on November 17, 2025
The Change Healthcare cyberattack continues to create legal and operational challenges across the country. In Nebraska, the Attorney General is moving forward with a lawsuit that questions how the company handled patient data before and during the incident. As a result, Nebraska now aims to set a stronger standard for data protection and accountability within the healthcare sector.
The cyberattack disrupted healthcare services nationwide. Consequently, hospitals, clinics, and billing systems struggled to process claims. Change Healthcare later confirmed that attackers accessed a significant amount of sensitive information. Although the company tried to restore systems quickly, many providers experienced delays that affected daily operations. Nebraska’s lawsuit reflects a growing trend of states demanding stronger cybersecurity measures from major healthcare vendors. Moreover, the Attorney General argues that Change Healthcare failed to implement essential safeguards. The company, however, maintains that it is upgrading its systems and cooperating with investigators. Even so, several states are watching this case closely because the outcome may shape future enforcement actions.
At the federal level, the Department of Health and Human Services is reviewing whether HIPAA rules were violated. Additionally, healthcare organizations want clearer guidance on risk management, especially after experiencing prolonged outages. Many providers also stress that better coordination between vendors and federal agencies could prevent similar incidents in the future.
For Nebraska, the case represents more than a legal battle. It emphasizes the need for faster communication, earlier threat detection, and stronger support for affected individuals. Furthermore, the state hopes this case will encourage healthcare companies to adopt higher cybersecurity standards across all critical systems. Ultimately, the outcome may influence how states respond to future breaches.
To delve deeper into this topic, Visit HIPAA Journal.
