Change Healthcare Lawsuit Filed Over Release of Sensitive Health Information in Data Breach

Lawsuit comes as individuals nationwide continue to receive notice of a massive Change Healthcare data breach, learning that their private health information may have been compromised.

A Pennsylvania woman has filed a class action lawsuit over the recent Change Healthcare data breach, saying that the technology company not only failed to secure patients’ private health information (PHI), but also failed to adequately inform individuals nationwide when that data was stolen.

The complaint (PDF) was brought by Paulette Bensignor in the U.S. District Court for the District of Minnesota on October 1, seeking class action status to pursue damages on behalf of herself and millions of other patients affected by the data breach.

While Change Healthcare is not well known among most patients, it provides software, analytics and services for medical providers throughout the U.S. healthcare system, with some estimates suggesting that one out of every three individuals has their private health information pass through the company’s servers. Change Healthcare, Inc. is a part of Optum, Inc. and UnitedHealth Group (UHG) Inc., which were all named as defendants in the lawsuit.

In February, Change Healthcare announced it had been hacked through a ransomware attack by a Russian group known as Blackcat, which blackmailed the company into paying $22 million in bitcoins to be able to re-access its own customer data. However, the Change Healthcare data breach gave the hackers access to millions of customers’ private medical records and health information, placing individuals at risk for fraud, identity theft, blackmail and severe emotional distress.

Although the data was compromised months ago, Change Healthcare notices of the data breach just started going out to patients impacted, and many are just now learning about the incident.

Change Healthcare Lawsuit

Were you impacted by the Change Healthcare data breach?

Lawyers are reviewing potential claims for individuals whose private medical information and other personal details were compromised in a data breach at Change Healthcare.

Learn More SEE IF YOU QUALIFY FOR COMPENSATION

According to her Change Healthcare lawsuit, Bensignor indicates that she had her health insurance through UnitedHealthcare, and is now concerned over the safety of that information and the risks of identity fraud.

As a result, she has suffered anxiety and emotional distress, and committed time and resources to secure her data and her accounts against potential fraud. The lawsuit indicates the defendants should be held liable for putting patients’ data at risk and seeks to represent all such affected patients through the class action lawsuit.

“Plaintiff initiates this class action lawsuit representing herself and all individuals in a similar situation to address the Defendants’ insufficient protection of Class Members’ PHI, which it collected and maintained,” her lawsuit states. “Further, the lawsuit addresses the Defendants’ failure to promptly and adequately notify the Plaintiff and other Class Members about the unauthorized access of her information by an unknown third party, as well as the precise type of information that was accessed.”

Bensignor presents claims of negligence, negligence per se, breach of implied contract and unjust enrichment. The lawsuit also wants the court to declare UHG’s cybersecurity to be insufficient and order it to establish policies and procedures ensuring patients’ personal information is reasonably secure.

Change Healthcare Data Breach Lawsuits

Bensignor’s class action joins several Change Healthcare data breach lawsuits filed to date, all arguing that the release of Social Security numbers and medical information poses risks that plaintiffs could endure for decades, and that such breaches could lead to sustained identity theft, financial fraud and misuse of health data, impacting credit, employment, insurance and medical services long-term.

Given common questions of fact and law raised in the growing number of Change Healthcare lawsuits, the litigation has been consolidated in the U.S. District Court of Minnesota under Judge Donovan W. Frank for coordinated pretrial proceedings since June, to reduce duplicative discovery into common issues in the litigation, avoid conflicting rulings from different courts, and serve the convenience of common witnesses in the claims.

Over the coming weeks and months, the size and scope of the litigation is expected to continue to expand, as many individuals impacted are just now receiving notice about the data breach, and contacting lawyers to pursue potential Change Healthcare lawsuits.

In addition to class action complaints, it is also expected that a number of individual claims will be filed, both in the U.S. court system, as well as through an arbitration process, which may provide the opportunity for impacted individuals to obtain Change Healthcare settlements.


Find Out If You Qualify For a Change Healthcare Breach Settlement

14 Comments

  • DianeOctober 24, 2024 at 2:46 pm

    Not notifying me until MONTHS AFTER this company knew about this SERIOUS...BEYOUND SERIOUS INVASIVE BREACH of our most private healthcare information is criminal! On September 17th, I received "Change Healthcare Notice of Data Breach" letter dated September 3. Waiting to begin to notify us as "business customers" until June 20th is ludicrous!! The data breach is our MOST PRIVATE, GUARDED HEALTH[Show More]Not notifying me until MONTHS AFTER this company knew about this SERIOUS...BEYOUND SERIOUS INVASIVE BREACH of our most private healthcare information is criminal! On September 17th, I received "Change Healthcare Notice of Data Breach" letter dated September 3. Waiting to begin to notify us as "business customers" until June 20th is ludicrous!! The data breach is our MOST PRIVATE, GUARDED HEALTHCARE INFORMATION ‼️! IT'S EVERY BIT OF OUR HEALTH CARE INFORMATION. HIPPA‼️‼️‼️‼️‼️‼️‼️ I'm beyond appalled by the total lack of security as shown by CHANGEHEALTH to prevent such a breach of our MOST PRIVATE INFORMATION.

  • ScottOctober 9, 2024 at 4:25 pm

    For any company that waits several months before notifying customers of a breach should be criminal! I have never heard of this company but looking at their customer base they pretty much cover a huge percentage of healthcare providers nationally. I’m not satisfied with credit monitoring for 1 year. They need to pay for it indefinitely and then reimburse me for any fraud. These companies are too c[Show More]For any company that waits several months before notifying customers of a breach should be criminal! I have never heard of this company but looking at their customer base they pretty much cover a huge percentage of healthcare providers nationally. I’m not satisfied with credit monitoring for 1 year. They need to pay for it indefinitely and then reimburse me for any fraud. These companies are too cheap to pay for services to protect their data and now everyone else pays the price.

  • MichelleOctober 9, 2024 at 3:19 pm

    I got my notice in September. I was already in the process of taking security measures because of a breach months earlier that involved my social security. Unbelievable.

  • AgnesOctober 9, 2024 at 1:13 pm

    This took place in February and I just got my notice in September. I would say its a bit late.

  • DouglasOctober 9, 2024 at 8:35 am

    Yes it's Terrible. But people this lawsuits class action doesn't even benefit us only the lawyers because they get paid millons. And because there so many people affected by this Company they each of us get really nothing. Maybe 30.00 or less unless u really can prove you were affect now not in the future with your information leaked which is terrible. But when you join this lawsuit your agree th[Show More]Yes it's Terrible. But people this lawsuits class action doesn't even benefit us only the lawyers because they get paid millons. And because there so many people affected by this Company they each of us get really nothing. Maybe 30.00 or less unless u really can prove you were affect now not in the future with your information leaked which is terrible. But when you join this lawsuit your agree that u cnt sue them in the future.

  • HeatherOctober 9, 2024 at 6:15 am

    I am also a victim, I never received notice but I know my healthcare was compromised and it wasn't just someone taking a few details, they tried to wipe me out!5

  • BreannaOctober 9, 2024 at 1:27 am

    I’ve received over 300+ calls PER MONTH for health insurance schemes since my data was sold. I’ve had attempted phishing schemes and others pretending to be healthcare professionals to scam me. I have had to get a call filter service, block any new calls coming in, and only speak to providers in person. I am chronically ill and this is horrifying

  • debbieOctober 8, 2024 at 6:00 pm

    Unacceptable that they knew in March, printed the letter on Sept 3rd and then did not mail it till now, OCT 8th is when I received this. They need to be put out of business!

  • GloriaOctober 8, 2024 at 2:16 pm

    Seems odd with all the protections in place to prevent these damaging breaches, so little is done in the way of prevention/ compensation. Seemingly, the wicked wizards are outsmarting the computer geeks by a wide margin !!! My, I long for simpler times with less carnage to scroll through. Sometimes I wish I had never gotten an Android. More Stress !! There is no end to this drama. No security, no [Show More]Seems odd with all the protections in place to prevent these damaging breaches, so little is done in the way of prevention/ compensation. Seemingly, the wicked wizards are outsmarting the computer geeks by a wide margin !!! My, I long for simpler times with less carnage to scroll through. Sometimes I wish I had never gotten an Android. More Stress !! There is no end to this drama. No security, no trust can be assured by anything of manmade contrivance.

  • MorganOctober 8, 2024 at 1:31 pm

    I just got my notice a week ago.. im having to clean up what change healthcare has caused me. Shame on them for waiting so long to notfy me

  • PhilipOctober 8, 2024 at 10:45 am

    I recently acquired additional monitoring security thru another organization which should be executed at end of this week. A check was sent so early next week at the latest. I failed at securing monitoring thru normal channels(credit bureau's).I'm keeping the faith I won't be breached in this short windows of time.

  • TamickaOctober 8, 2024 at 1:12 am

    When I received this notice my heart dropped to the floor. It's sad that people are just getting these letters and all this happened in February. All my information hacked. Please added me to this case.

  • SharonOctober 8, 2024 at 12:41 am

    My credit was truly effected

  • CourtneyOctober 7, 2024 at 10:48 pm

    Same as below!

Share Your Comments

I authorize the above comments be posted on this page*

Want your comments reviewed by a lawyer?

To have an attorney review your comments and contact you about a potential case, provide your contact information below. This will not be published.

NOTE: Providing information for review by an attorney does not form an attorney-client relationship.

This field is for validation purposes and should be left unchanged.

More Top Stories

Depo-Provera Lawsuit MDL Application Will Be Considered by JPML at Hearing on Jan. 30, 2025
Depo-Provera Lawsuit MDL Application Will Be Considered by JPML at Hearing on Jan. 30, 2025 (Posted 3 days ago)

With a growing number of women pursuing Depo-Provera brain tumor lawsuits throughout the federal court system, the U.S. JPML will decide whether to consolidate and centralize the claims before one judge for coordinated discovery and pretrial proceedings.