Change Healthcare begins sending breach notifications

Chad Van Alstin | | Health Exec | Cybersecurity
UnitedHealthcare UHC UnitedHealth

Change Healthcare has begun to notify its clients—including hospitals, payer organizations and providers—that information on their patients was exposed to hackers during the February ransomware attack on the Change Healthcare network.

In an update provided on June 20, Change Healthcare confirmed it will be notifying patients directly starting in July—something that will likely come as a relief to provider groups who were concerned they’d end up having to notify patients themselves.

Change Healthcare is responsible for processing the majority of healthcare reimbursement claims, and the breach likely exposed a third of Americans. The company is still investigating the precise number of people impacted.

Personal data taken by hackers included names, addresses, health insurance information and social security numbers. However, Change Healthcare’s parent company, UnitedHealth Group, has said there is no evidence medical records or detailed patient medical histories were taken—however, the cybercriminals who posted the data trove for sale on the dark web claim to have detailed medical and dental records from patients.

UnitedHealth/Change Healthcare will be offering impacted patients two years of identity protection services, in compliance with HIPAA regulations.

Related Articles:

UnitedHealth needs to be solely responsible for HIPAA notifications after Change Healthcare breach, letters demand
Q&A: Healthcare cybersecurity advocate fears damage from Change Healthcare breach has only begun
HHS: ‘Who is responsible for ensuring that individuals affected by the Change Healthcare breach receive notification?’
Primary care physicians see largest pay increase, averaging $300K in annual compensation
Rising cost of private insurance unsustainable for 180 million families, study finds
Chad Van Alstin Health Imaging Health Exec
Chad Van Alstin

Chad is an award-winning writer and editor with over 15 years of experience working in media. He has a decade-long professional background in healthcare, working as a writer and in public relations.

Related Content

Healthcare hacker sentenced to 10 years in prison
Ransomware group deploys ticking clock to threaten Georgia hospital
Hackers were inside an Iowa hospital’s network for two weeks
Microsoft: Ransomware hit nearly 400 healthcare entities this year—a 300% rise since 2015
Feds make it official: Change data breach was the largest in healthcare history, impacting 100M
CMS contractor takes $1.2M loss after data breach, DOJ lawsuit

Around the web

Cardiovascular Business
Payment cuts and beyond: Key takeaways for cardiologists from the 2025 Medicare Physician Fee Schedule

The American College of Cardiology has shared its perspective on new CMS payment policies, highlighting revenue concerns while providing key details for cardiologists and other cardiology professionals. 

AI in Healthcare
A modest proposal to rally AI regulators around a simple game plan

As debate simmers over how best to regulate AI, experts continue to offer guidance on where to start, how to proceed and what to emphasize. A new resource models its recommendations on what its authors call the “SETO Loop.”

Cardiovascular Business
FDA commissioner urges clinicians to join fight against medical misinformation

FDA Commissioner Robert Califf, MD, said the clinical community needs to combat health misinformation at a grassroots level. He warned that patients are immersed in a "sea of misinformation without a compass."

Design by Adaptive Theme
Trimed Popup
Trimed Popup