Change Healthcare Experiences Cybersecurity Issue, Raising Data Breach Concerns

Console and Associates, P.C.

On February 22, 2024, UnitedHealth Group Incorporated (“UHG”) filed a notice with the Securities and Exchange Commission after discovering that Change Healthcare, one of UHG’s subsidiaries, experienced a cybersecurity incident. In this notice, Change Healthcare explains that the incident is still under investigation. Upon completing its investigation, Change Healthcare will be required to send out data breach notification letters to anyone whose personal information was affected by the incident.

If you received a data breach notification from Change Healthcare, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the Change Healthcare data breach. For more information, please see our recent piece on the topic here.

Was There a Change Healthcare Data Breach?

The short answer is that it’s too soon to tell if there was a Change Healthcare data breach. The Change Healthcare cybersecurity incident was only recently announced, and more information is expected in the near future. However, Change Healthcare’s filing with the Securities and Exchange Commission provides some important information on what led up to the breach. According to this source, on February 21, 2024, Change Healthcare determined that an unauthorized party had gained access to portions of the company’s IT network.

In response, Change Healthcare isolated the impacted systems and began working with cybersecurity experts to investigate the incident. However, due to the recency of the Change Healthcare cyberattack, the company’s investigation will take some time to complete. At this point, Change Healthcare’s parent company, UnitedHealth Group, explains that it believes the incident was limited to Change Healthcare’s systems and did not impact other Optum or UnitedHealth Group systems.

On February 22, 2024, Change Healthcare notified the Security and Exchange Commission, as required under federal law. If the Change Healthcare investigation confirms that patient data was leaked as a result of the incident, it will be required to send out data breach letters to those patients whose confidential information was exposed to unauthorized access. These letters should provide victims with a list of what information belonging to them was compromised.

More Information About Change Healthcare

Change Healthcare is a healthcare technology company based out of Nashville, Tennessee. Change Healthcare is a subsidiary of Optum, which is owned by UnitedHealth Group Incorporated. Change Healthcare employs more than 14,000 people and generates approximately $3.5 billion in annual revenue.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Console and Associates, P.C. | Attorney Advertising

Written by:

Console and Associates, P.C.

Console and Associates, P.C. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide