UnitedHealth Outlines Records Affected by Change Healthcare Ransomware Attack

June 24, 2024

UnitedHealth is starting the process to notify customers whose information was affected by the February attack on Change Healthcare.

In an update last week, the company provided additional background on the ransomware attack that caused industry-wide disruption and its plans to notify affected providers and individuals.

“Change Healthcare is providing this notice now to help individuals understand what happened, let them know that their information may have been impacted, and give them information on steps they can take to protect their privacy, including enrolling in two years of complimentary credit monitoring and identity theft protection services if they believe that their information may have been impacted,” the notice said.

Here's what you need to know:

• By type:  The company said it could not confirm all the data that had been affected but said it included health insurance information; billing, claims, and payment information; and other personal information (social security numbers, driver’s licenses or state identification numbers, passport numbers, etc.).
• Scope:  The update did not provide a definitive account of the affected information, but said it covers “a substantial proportion of people in America.”
• What to do:  The company is offering two years of complimentary credit monitoring and identify protection services for individuals who believe their information has been affected.
  • Individuals also should monitor their benefits statements, bank and credit card statements, credit reports, and tax returns for any unfamiliar activity and report concerns to law enforcement.
• Next steps:  Change Healthcare plans to identify affected individuals and start mailing notices by late July as the company completes its quality assurance review. 
• Substitute notice:   In addition to starting the formal notification process for affected customers, the company has offered a general substitute notice “so that other customers can provide information to their patients/members even if they have not been identified as impacted.”

The substitute notice is available to review online.

HAP continues to monitor the latest cybersecurity developments and provide updates to members. HAP created a one-stop shop to offer the latest resources online, including exclusive member-only information (login required).