Change Healthcare has published a substitute breach notice on its website regarding its February 2024 cyberattack and stated that the mailing of notification letters to the impacted persons starts on July 20, 2024. Change Healthcare stated that the data analysis is nearly complete; however, more affected individuals could still be discovered.
In the breach notice, Change Healthcare details the following information about the breach:
- it was discovered on February 21, 2024
- hackers acquired access to its internal network from February 17 to February 20, 2024
- on March 7, 2024, Change Healthcare reported the massive exfiltration of data from its network
- data analysis was started only on March 13, 2024, when Change Healthcare got a safe copy of the information to assess
- the preliminary analysis showed that a big percentage of people in the U.S. were impacted, possibly 1 in 3 Americans, which means the total number of people affected may reach over 110 million.
The types of data compromised or stolen differ from person to person and may include some or all of the categories listed below. In certain cases, the data of guarantors was likewise exposed.
- Medical insurance details (including primary, secondary, or other insurance policies/health plans, member/group ID numbers, insurance providers, and Medicaid-Medicare-government payor ID numbers);
- Health data (including medical record numbers, healthcare providers, diagnoses, prescription drugs, lab test results, photos, care and treatment notes);
- Billing, claims, and payment details (including account numbers, claim numbers, billing codes, financial and banking details, payment cards, amounts paid, and balance due); and/or
- Other personal data like driver’s license numbers, Social Security numbers, state ID numbers, or passport numbers.
The notice shares a few measures that the impacted persons can take to safeguard themselves against the improper use of their data. More information is available at changecybersupport.com or by calling the toll-free number 1-866-262-5342 from Monday to Friday, 8 a.m. to 8 p.m. CT.
Change Healthcare has been providing free identity theft protection and credit monitoring services to the impacted persons for two years, although it is not required for HIPAA certification. An affiliate of the BlackCat ransomware group was behind the attack and likely kept a copy of the stolen data. The operator of the defunct BlackCat ransomware group likely kept a copy as well. The RansomHub ransomware group also claimed to have a copy of the stolen data. Considering the gravity of this security incident, all affected individuals should sign up for the free credit monitoring and identity theft services right away and get help at http://changecybersupport.com or by calling (888) 846-4705.
Several state attorneys general have released breach notifications and urged state residents to sign up for the services immediately to safeguard themselves against identity theft and fraud. Other precautionary measures that all Americans should undertake include:
- Keep track of explanation of benefits statements provided by health plans and file a report in case of any problems
- Review financial accounts and credit card statements and promptly report any unauthorized transactions
- Report any criminal offenses to local regulatory authorities and submit a police report
- Watch out for these signs of prospective fraud:
  - Refusal of insurance coverage because of wrong pre-existing conditions
  - Notices from medical insurance companies about reaching the benefit limit
  - Charges for healthcare services that were not received
  - Notices from debt collection firms regarding debts that do not belong to them
  - Notices of medical debt collection for services that were not received