Consumer Notice: Change Healthcare Data Breach

In February 2024, hackers breached Change Healthcare’s IT systems, initiating a ransomware attack that compromised patient information.  The cyberattack led to widespread disruptions in payment and claims processing nationwide, placing significant strain on healthcare providers by hindering their ability to submit and receive payments promptly.


Change Healthcare has begun notifying consumers about potential exposure of patient information during the cyberattack. According to Change Healthcare, the compromised data may include names, addresses, health insurance details, and sensitive personal information such as Social Security numbers.


Change Healthcare, a subsidiary of UnitedHealth Group, facilitates the submission and processing of billions of insurance claims annually. In response to the data breach, UnitedHealth Group is offering free credit monitoring and identity theft protection for two years at no cost. More information can be found at UnitedHealth Group's dedicated page at https://www.unitedhealthgroup.com/ns/health-data-breach.html.


The Bureau has been monitoring the situation to be sure that Change Healthcare notifies consumers once it determined whose data was breached. 


The Bureau recognizes the challenges posed by cybersecurity incidents and remains dedicated to working constructively with UnitedHealth Group and Change Healthcare to mitigate impacts on consumers.  Consumers with questions are invited to call (800) 300-5000.