For the first time since news broke about a ransomware attack on Change Healthcare, the company has released details about the data stolen during the attack.
First, a quick refresher: On February 21, 2024, Change Healthcare experienced serious system outages due to a cyberattack. The incident led to widespread billing outages, as well as disruptions at pharmacies across the United States. Patients were left facing enormous pharmacy bills, small medical providers teetered on the edge of insolvency, and the government scrambled to keep the money flowing and the lights on. The ransomware group ALPHV claimed responsibility for the attack.
But shortly after, the ALPHV group disappeared in an unconvincing exit scam designed to make it look as if the FBI had seized control over the group’s website. Then a new ransomware group, RansomHub, listed the organization as a victim on its dark web leak site, saying it possessed 4 TB of “highly selective data,” relating to “all Change Health clients that have sensitive data being processed by the company.”
In April, parent company UnitedHealth Group released an update, saying:
> “Based on initial targeted data sampling to date, the company has found files containing protected health information (PHI) or personally identifiable information (PII), which could cover a substantial proportion of people in America.”
Now, Change Healthcare has detailed the types of medical and patient data that was stolen. Although Change cannot provide exact details for every individual, the exposed information may include:
Change Healthcare added:
> “The information that may have been involved will not be the same for every impacted individual. To date, we have not yet seen full medical histories appear in the data review.”
Change Healthcare says it will send written letters—as long as it has a person's address and they haven't opted out of notifications—once it has concluded the data review.
There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.
Malwarebytes has a new free tool for you to check how much of your personal data has been exposed online. Submit your email address (it’s best to give the one you most frequently use) to our free Digital Footprint scan and we’ll give you a report and recommendations.
We don't just report on threats - we help safeguard your entire digital identity
Cybersecurity risks should never spread beyond a headline. Protect your—and your family's—personal information by using identity protection.