Change Healthcare has started informing healthcare organizations, insurers and other entities whose data was breached in a February ransomware attack, the company said June 20.
Change, a subsidiary of UnitedHealth Group, has reviewed more than 90% of affected files. Information potentially exposed in the attack includes names, addresses, health insurance information and Social Security numbers. To date, there is no evidence that medical charts or full medical histories were leaked in the breach.
The company said it is still investigating the breach and may identify more customers whose data was compromised. In late April, the company said data stolen by hackers likely covers "a substantial proportion of people in America." Change will start notifying individual patients affected by the breach in late July.
"Change Healthcare remains in regular communication with the U.S. Department of Health and Human Services, Office for Civil Rights and other regulators regarding our notification process," the company told Becker's. "The media notice and substitute notification posted today is the next step in the process and consistent with the ongoing communication we have been providing regarding this cyberattack against Change Healthcare and the U.S. healthcare system. While the data review is in its late stages, we continue to provide credit monitoring and identity theft protection to people concerned about their data potentially being impacted. "