Change Healthcare Notices of Data Breach Offer Only Limited Credit Monitoring Protections

Following one of the largest medical data breaches in recent years, Change Healthcare is now notifying individuals throughout the United States that they may be impacted by a ransomware attack that compromised sensitive personal and medical information. However, the Change Healthcare letters only offer victims limited credit and fraud protections, while lawsuits seek to hold the company accountable for the full impact of the cybersecurity failures.

Change Healthcare is a technology company owned by Optum, a component of UnitedHealth Group, which offers services to various different healthcare providers, assisting with insurance verification, pre-authorizations for medical procedures, exchange of insurance claim information and other crucial administrative operations.

Some reports suggest that sensitive medical information for about one out of every three Americans passes through the company as it provides the services to healthcare providers and insurance companies. However, it now appears that some of this sensitive information may have been compromised in a recent data breach.

Information about the data breach first emerged in late February 2024, when the U.S. Department of Health and Human Services launched an investigation into the Change Healthcare cyberattack, which had disrupted healthcare and billing information operations nationwide.

Subsequent investigations have now revealed that Change Healthcare was hit by a ransomware attack by a hacker group known as ALPHV/Blackcat, who were able to steal roughly eight terabytes of data, which included the following patient information:

• Names
• Social Security numbers
• Dates of birth
• Addresses
• Phone numbers
• Email addresses
• Insurance policy numbers
• Medical records
• Diagnoses
• Test results
• Treatment and insurance records
• Billing information
• Procedure descriptions
• Other personal information

After an attempt to buy the stolen data back from the hacker group for $22 million failed, Change Healthcare is now offering millions of customers impacted by the data breach free identity and credit monitoring services through IDX.

However, a number of individuals whose personal and medical information was stolen are now pursuing Change Healthcare class action lawsuits seeking additional protections and financial compensation from the company, alleging that inadequate security measures led to the release of sensitive and irrevocable data, which could be used for identity theft or blackmail.

In this featured post, AboutLawsuits.com provides some samples of the notices from Change Healthcare about the data breach that many individuals are now receiving, which outline steps that can be taken to take advantage of the free identity monitoring.

In addition, individuals who received the notice can now find out if they may qualify to participate in a Change Healthcare data breach lawsuit or individual claim, by filling out the form at the bottom of this post.

This information will then be reviewed by a data breach lawyer to determine whether financial compensation and additional benefits may be available as a result of the cybersecurity failures at Change Healthcare.

Change Healthcare Notice of Data Breach Letter

Many of the individuals whose personal and medical information was stolen during the breach began receiving mailed notices from Change Healthcare starting on June 20, 2024, titled “Notice of Data Breach“, confirming that a cyber criminal was able to see and take copies of data in their computer system between February 17, 2024 and February 20, 2024.

What Information Was Stolen During Change Healthcare Breach?

Within the letters, customers are informed that a wide ranging series of personal and medical information could have been stolen during the breach, including:

• Health insurance data (such as health plans/policies, insurance companies, member/group ID numbers and Medicaid-Medicare-government payor ID numbers)
• Health data (such as medical record numbers, doctors, diagnoses, medicines, test results, images, care and treatment)
• Billing, insurance claims and payment data (such as claim numbers, account numbers, billing codes, payment cards, financial and banking information, as well as balances)
• Other personal data (such as Social Security number, driver’s license or state ID number, or other ID number)

How To Sign Up for Change Healthcare Data Breach Credit Monitoring

Within the Change Healthcare notices, customers are being offered two years worth of fraud protection services through IDX, which may alert users to changes in their credit report and potential threats to their identity, if detected.

To sign up for the IDX credit and identity monitoring services being offered by Change Healthcare, follow the steps outlined below;

1. Go to the Change Healthcare Consumer Support Page and click on the “Enroll now” button.
2. Complete the registration form with your name, email address, and create a password.
3. Confirm your email address to proceed.
4. Activate your “Credit and Identity Management” services.

For further support, contact IDX customer service at 1-888-846-4705 for assistance in setting up your account.

What Services Are Provided Through the Free Fraud Monitoring?

IDX’s credit and fraud monitoring service offers several tools that can help protect and monitor your identity and credit. Here are some of the key features available to customers:

• Credit Monitoring: IDX provides continuous credit monitoring to alert users of any changes that might indicate fraudulent activity.
• Identity Theft Protection: This service includes identity monitoring that checks various data points for signs of misuse of personal information.
• CyberScan: This tool continuously scans the deep and dark web to check if personal information is being exposed to cybercriminals.
• Identity Restoration Services: In case of identity theft, IDX offers assistance in restoring one’s identity, which includes helping resolve identity theft incidents and reclaiming one’s financial identity.

Change Healthcare Class Action Lawsuits Seek Additional Damages

While the healthcare technology company has begun offering customers two years worth of credit and identity monitoring services, dozens of Change Healthcare class action lawsuits have been filed by individuals, who claim that the potential for damage extends far beyond this limited timeframe.

Several Change Healthcare data breach lawsuits filed to date outline how the release of Social Security numbers and medical information poses risks that plaintiffs could endure for decades, arguing that such breaches could lead to sustained identity theft, financial fraud, and misuse of health data, impacting credit, employment, insurance and medical services long-term.

Many of these victims are seeking legal representation to pursue compensation for their actual damages, which include both out-of-pocket expenses incurred from dealing with the fraud and the broader financial impacts, as well as out of pocket medical expenses endured during the Change Healthcare system outages.

Given common questions of fact and law raised in a growing number of Change Healthcare lawsuits being filed, the U.S. Judicial Panel on Multidistrict Litigation (JPML) issued a transfer order centralizing Change Healthcare lawsuits (PDF) on June 7, 2024, in response to a motion to centralize claims filed throughout the federal district court system before one judge for pretrial proceedings.

In the order, the JPML instructed for the claims to be centralized in the U.S. District Court of Minnesota under Judge Donovan W. Frank for coordinated pretrial proceedings, as part of a Change Healthcare, Inc., Customer Data Security Breach Litigation.

Change Healthcare Data Breach Lawyers

Change Healthcare data breach lawyers are providing free consultations and claim evaluations for individuals who have had their identities stolen or suffered losses due to the data breach.

To determine whether you or a loved one may be eligible for a Change Healthcare lawsuit settlement, fill out the form below for a lawyer to determine whether a settlement or lawsuit payout may be available. There are no fees or expenses unless a recovery is obtained in your case.