Change Healthcare, a subsidiary of UnitedHealth Group, said it has "substantially" completed identifying and notifying individuals affected by the Feb. 21 ransomware attack.
"The review of personal information potentially involved in this incident is substantially complete," the company wrote in a Jan. 14 update on its website.
Change Healthcare has been notifying potentially affected individuals since June 2024 to inform them about the incident, explain the possible impact on their data, and provide resources for protecting their privacy. These resources include two years of complimentary credit monitoring and identity theft protection services for those who believe their information was compromised.
Notifications, according to the company, began in July 2024 and will continue as directed by healthcare providers and insurers working with Change Healthcare.
Notices were sent to affected customers on June 20, Aug. 8, Sept. 16, Nov. 21 and Dec. 4. The company said it does not expect to identify additional affected customers.
The cyberattack on Change Healthcare disrupted financial operations for hospitals, insurers, pharmacies and medical groups nationwide.