Following one of the largest medical data breaches in recent years, Change Healthcare is now notifying individuals throughout the United States that they may be impacted by a ransomware attack that compromised sensitive personal and medical information. However, the Change Healthcare letters only offer victims limited credit and fraud protections, while lawsuits seek to hold the company accountable for the full impact of the cybersecurity failures.
The technology company, owned by Optum—a component of UnitedHealth Group—offers various services to healthcare providers, assisting with insurance verification, pre-authorizations for medical procedures, and other essential administrative tasks. It is reported that sensitive medical information for approximately one out of every three Americans passes through Change Healthcare. However, some of this sensitive information has been compromised in a recent breach, causing widespread concern.
Details of the Data Breach
Information about the data breach first emerged in late February 2024, when the U.S. Department of Health and Human Services launched an investigation into the Change Healthcare cyberattack. This incident disrupted healthcare and billing information operations nationwide, highlighting the substantial impact on the healthcare system. Subsequent investigations revealed that Change Healthcare was hit by a ransomware attack by a hacker group known as ALPHV/Blackcat, stealing roughly eight terabytes of data.
The stolen data included sensitive patient information such as names, Social Security numbers, dates of birth, addresses, phone numbers, email addresses, insurance policy numbers, medical records, diagnoses, test results, treatment and insurance records, billing information, procedure descriptions, and other personal information. After an attempt to buy back the stolen data for $22 million failed, Change Healthcare is now offering millions of customers impacted by the breach free identity and credit monitoring services through IDX.
Response to the Breach
Despite the data breach’s severe implications, Change Healthcare’s response has been criticized for offering only limited credit and fraud protections. Many individuals affected by the breach believe that these measures are inadequate given the extensive and irrevocable nature of the compromised data. As a result, numerous Change Healthcare class action lawsuits are being pursued, seeking additional protections and financial compensation from the company.
The lawsuits allege that inadequate security measures led to the exposure of sensitive information, which could be used for identity theft or blackmail. Victims are concerned that the offered two years of fraud protection through IDX will not be sufficient to mitigate long-term risks. The breached data includes critical information that could affect individuals’ credit, employment, and access to medical services for decades.
Change Healthcare Notice of Data Breach
Starting on June 20, 2024, many individuals began receiving notices from Change Healthcare titled “Notice of Data Breach.” The notice confirmed that a cyber-criminal was able to access and copy data from their computer system between February 17, 2024, and February 20, 2024. The notification outlined the extent of the stolen information, which includes health insurance data such as health plans, insurance companies, ID numbers and Medicaid-Medicare-government payor ID numbers, health data like medical record numbers, doctors, diagnoses, medications, test results, and treatments. It also includes billing and payment data, as well as personal data including Social Security numbers, driver’s license numbers, and other ID numbers.
How To Sign Up for Change Healthcare Data Breach Credit Monitoring
Within the Change Healthcare notices, customers are being given instructions on how to sign up for the two years of fraud protection services through IDX. Here are the steps to enroll in the credit and identity monitoring services:
- Navigate to the Change Healthcare Consumer Support Page and click on the “Sign up now” button.
- Fill out the registration form with your first name, email address, and set up a password.
- Verify your email address to move forward.
- Enable your “Credit and Identity Monitoring” services.
- For further help, contact IDX customer support at 1-888-846-4705 to help set up your account.
Available Services Through Free Fraud Monitoring
IDX’s credit and fraud monitoring service offers several tools to protect and monitor your identity and credit. Here are some of the key features available to customers:
- Credit Monitoring: Continuous monitoring of credit reports to alert users of any changes that might indicate fraudulent activity.
- Identity Theft Protection: Identity monitoring that checks various data points for signs of misuse of personal information.
- CyberScan: This tool continuously scans the deep and dark web for any exposure of personal information to cybercriminals.
- Identity Restoration Services: In case of identity theft, IDX offers assistance in restoring one’s identity, including resolving identity theft incidents and reclaiming one’s financial identity.
Change Healthcare Class Action Lawsuits Seek Additional Damages
While Change Healthcare has started offering two years worth of credit and identity monitoring services, numerous class action lawsuits have been filed by individuals demanding more comprehensive remedies. These lawsuits emphasize that the potential damage from the stolen data extends far beyond the two-year protection period.
Plaintiffs argue that the release of Social Security numbers and medical information poses risks that could endure for decades, leading to sustained identity theft, financial fraud, and misuse of health data. Such breaches can have prolonged effects on credit, employment, insurance, and medical services. Victims are seeking compensation for actual damages, which include out-of-pocket expenses incurred from dealing with fraud and the broader financial impacts, as well as medical expenses endured during the system outages caused by the breach.
Given the common questions of fact and law raised in a growing number of these lawsuits, the U.S. Judicial Panel on Multidistrict Litigation (JPML) issued a transfer order on June 7, 2024. This order centralizes the Change Healthcare lawsuits in the U.S. District Court of Minnesota under Judge Donovan W. Frank for coordinated pretrial proceedings, as part of the Customer Data Security Breach Litigation.
Change Healthcare Data Breach Lawyers
Change Healthcare has provided notices containing instructions for customers on how to enroll in two years of fraud protection services offered by IDX. To get started with these credit and identity monitoring services, follow these simple steps:
- Visit the Change Healthcare Consumer Support Page and click on the “Sign up now” button.
- Complete the registration form by entering your first name, email address, and creating a password.
- Confirm your email address to proceed to the next step.
- Activate your “Credit and Identity Monitoring” services.
- Should you need additional assistance, you can contact IDX customer support at 1-888-846-4705 for help with setting up your account.
By enrolling in these services, you will benefit from comprehensive monitoring that helps protect your financial and personal information from being misused. The service notifies you of any suspicious activity that could indicate fraudulent actions, giving you peace of mind. Moreover, the process is straightforward and user-friendly, ensuring that you can quickly and efficiently set up your protection.
Remember that this proactive step can save you from the hassles and potential losses associated with identity theft. Whether you need help understanding the service or encountering issues during registration, IDX’s customer support is available to guide you through the process smoothly.
Make sure to act promptly and take advantage of the fraud protection services to safeguard your identity and credit.