Change Healthcare reaches milestone in breach response

Change Healthcare, a subsidiary of UnitedHealth Group, said it has "substantially" completed identifying and notifying individuals affected by the Feb. 21 ransomware attack.

"The review of personal information potentially involved in this incident is substantially complete," the company wrote in a Jan. 14 update on its website.

Change Healthcare has been notifying potentially affected individuals since June 2024 to inform them about the incident, explain the possible impact on their data, and provide resources for protecting their privacy. These resources include two years of complimentary credit monitoring and identity theft protection services for those who believe their information was compromised.

Notifications, according to the company, began in July 2024 and will continue as directed by healthcare providers and insurers working with Change Healthcare.

Notices were sent to affected customers on June 20, Aug. 8, Sept. 16, Nov. 21 and Dec. 4. The company said it does not expect to identify additional affected customers.

The cyberattack on Change Healthcare disrupted financial operations for hospitals, insurers, pharmacies and medical groups nationwide.

Copyright © 2025 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.


You can unsubscribe from these communications at any time. For more information, please review our Privacy Policy
.
 

Articles We Think You'll Like