Change Healthcare begins sending breach notifications
Change Healthcare has begun to notify its clients—including hospitals, payer organizations and providers—that information on their patients was exposed to hackers during the February ransomware attack on the Change Healthcare network.
In an update provided on June 20, Change Healthcare confirmed it will be notifying patients directly starting in July—something that will likely come as a relief to provider groups who were concerned they’d end up having to notify patients themselves.
Change Healthcare is responsible for processing the majority of healthcare reimbursement claims, and the breach likely exposed a third of Americans. The company is still investigating the precise number of people impacted.
Personal data taken by hackers included names, addresses, health insurance information and social security numbers. However, Change Healthcare’s parent company, UnitedHealth Group, has said there is no evidence medical records or detailed patient medical histories were taken—however, the cybercriminals who posted the data trove for sale on the dark web claim to have detailed medical and dental records from patients.
UnitedHealth/Change Healthcare will be offering impacted patients two years of identity protection services, in compliance with HIPAA regulations.
Chad is an award-winning writer and editor with over 15 years of experience working in media. He has a decade-long professional background in healthcare, working as a writer and in public relations.