Change Healthcare, the nation’s largest medical bill clearinghouse, started notifying providers and insurers on June 20 whether their patients’ or members’ data was compromised in a February 2024 cyberattack. The breach notifications come after the Department of Health and Human Services’ Office for Civil Rights clarified last month that providers could delegate the burdensome requirement of notifying affected patients to Change Healthcare. The company will provide patients with a link to a website to help them with any questions.
According to the company, its review has covered more than 90 percent of affected files and found no evidence that doctors’ charts or full medical histories were exposed. However, the compromised data likely includes individuals’ contact and health insurance information, billing claims, and potentially even Social Security numbers. Andrew Witty, CEO of UnitedHealth Group, which owns Change Healthcare, told the House Energy & Commerce Committee in May he suspected the ransomware attack led to the leaking of sensitive health information of one-third of Americans.