March 13 (Reuters) - UnitedHealth Group (UNH) has
already been hit with at least six class action lawsuits
accusing it of failing to protect millions of people's personal
data from last month's hack of Change Healthcare, its payment
processing unit, with more lawsuits likely to come.
In a motion filed late on Tuesday in Washington, D.C.,
plaintiffs' lawyers asked a federal judicial panel to
consolidate the six cases in federal court in Nashville,
Tennessee, where Change is headquartered, and said they expected
more cases to be filed.
It is not known how large the litigation could become
because it is not clear how much or what kind of information was
compromised in the attack, which was carried out by the
ransomware hacker group BlackCat.
UnitedHealth, which disclosed the attack on Feb. 21 without
specifying how many people were affected, said in a statement
Wednesday that it was focused on restoring Change's operations.
UnitedHealth hasn't said if BlackCat demanded ransom, but a
post on an online forum used by hackers claimed the company paid
$22 million to the hackers for regaining access to its locked
systems.
Under the Health Insurance Portability and Accountability
Act (HIPAA), a U.S. health privacy law, companies have 60 days
after discovering a data breach to notify affected individuals
that their personal information has been compromised.
For breaches affecting more than 500 people, the company
must notify federal regulators and prominent media. UnitedHealth
has so far not given such a notice.
Change processes about 50% of the medical claims in the
United States for around 900,000 physicians, 33,000 pharmacies,
5,500 hospitals and 600 laboratories.
The attack has halted Change's operations, leaving
providers, including major hospital systems, small medical
practices and pharmacies unable to collect payments. According
to UnitedHealth's website, Change is expected to resume
processing payments by March 15.
All of the lawsuits claim that Change failed to safeguard
patients' personal information, putting them at risk of identity
theft and privacy violations. Some also allege that patients
have been unable to fill prescriptions because their insurance
claims cannot be processed, putting their health at risk.
Plaintiffs say that information stored by Change, and now
potentially at risk, includes medical records, payment
information, names and Social Security numbers. One of the
lawsuits says that "information from the data breach is on the
dark web and already being offered for sale," though it does not
provide any details supporting that claim.
The lawsuits accuse the company of negligence and of
violating the privacy requirements in HIPAA and various state
laws.
Four of the lawsuits are filed against Change in Nashville,
and two are filed against UnitedHealth in the parent company's
home state of Minnesota.
Tuesday's motion was filed by the lawyers in the Nashville
cases. Lawyers in the Minnesota cases could file a competing
motion to have the cases moved to their court, in which case the
U.S. Judicial Panel on Multidistrict Litigation would decide
where to send them.