Change Healthcare has mailed the first of what are likely to be millions of data breach notifications following a February ransomware attack.
The UnitedHealth Group claims processing subsidiary sent the letters to 250 individuals in Texas, according to an Aug. 5 posting by the Texas Office of the Attorney General.
"Change Healthcare has begun mailing written notices to individuals affected by the cybersecurity incident and follows the process we announced in June," a company spokesperson emailed Becker's. "Change Healthcare is committed to notifying potentially impacted individuals as quickly as possible, on a rolling basis, given the volume and complexity of the data involved."
Letters dated Aug. 5 have started arriving in Minnesota as well, the Star Tribune reported Aug. 14. "We are sorry to tell you about a privacy event," read a letter viewed by the Minneapolis newspaper. "We work with many doctors, health insurance plans, and other health companies to help provide health services or benefits. This event may have involved your data."
The cyberattack on Change, which handles an estimated 1 in 3 healthcare transactions in the U.S., disrupted claims and payment processing for providers across the country. In testimony before Congress, UnitedHealth Group CEO Andrew Witty estimated that the data of about a third of Americans was breached in the hack.
"The data review is in its final stages, but we have analyzed a sufficient amount of data to start notifying," the spokesperson told Becker's.