Change Healthcare Notice of Data Breach Received by MDL Magistrate Judge and Law Clerk

A magistrate judge assigned to assist with pretrial proceedings in all federal Change Healthcare lawsuits has indicated that she, along with a law clerk, were recently notified that they were affected by the massive data breach that launched the litigation.

The Change Healthcare data breach was first disclosed in February 2024, when the company reported that hackers had gained access to the names, Social Security numbers, dates of birth, addresses, medical records, insurance details and other sensitive data for up to 100 million individuals.

While Change Healthcare is not well known among most U.S. consumers, it provides critical software, analytics and services for medical providers throughout the healthcare system, and some estimates suggest that one out of every three Americans has their private health information pass through the company’s servers.

Over the past six months, there has been an influx of Change Healthcare data breach class action lawsuits filed throughout the federal court system, each raising similar allegations that cybersecurity failures allowed hackers to access personal identifying and medical information.

Given common questions of fact and law raised in the claims, a federal multidistrict litigation (MDL) has been established in the District of Minnesota, where U.S. District Judge Donovan Frank is presiding over coordinated discovery and pretrial proceedings. However, the size and scope of the litigation continues to increase as individuals receive Change Healthcare notices about the data breach on a rolling basis.

During a status hearing held on December 16, Magistrate Judge Dulce J. Foster announced that she and a law clerk assigned to the MDL both received a Notice of Data Breach from Change Healthcare. She indicated that the letter would not impact how they are handling the litigation, but called on plaintiffs and defendants to notify the court on their position about whether Judge Foster and the clerk should recuse themselves.

Attorneys representing both Plaintiffs (PDF) and Defendants (PDF) submitted letters on December 27, indicating that they felt no recusals were necessary.

“Defendants Change Healthcare, UnitedHealth Group Incorporated, United Healthcare, Inc., Optum, Inc., and Change Healthcare Solutions, LLC do not view Your Honor’s receipt of a notice letter as necessitating recusal,” defendants indicated.

“Plaintiffs, like Defendants, do not view the Court’s receipt of this breach notice as grounds for recusal and are certain of the Court’s ability to remain fair and impartial in this action,” according to the plaintiffs’ letter.

The letters come as the parties continue to hold a series of Change Healthcare lawsuit settlement talks early in the MDL proceedings. Such meetings are common in complex litigation, where they are often used as a judicial tool to facilitate detailed and confidential discussions that can expedite settlement processes.