Affected by Change Healthcare/United Health data breach? You’re eligible for free credit monitoring

10 July 2024- Attorney General Michelle Henry is informing consumers that free credit monitoring and identity theft protection services are available to the many Pennsylvanians impacted by a February data breach of Change Healthcare — whose parent company is United Health, the nation’s largest health insurer.

Since the February data breach, Change Healthcare has not yet individually notified consumers regarding breach of their personal information, nor has the company publicized free resources and services that are available.

Attorney General Henry is advising that Change Healthcare is offering all Pennsylvania residents who believe they may have been impacted free credit monitoring and identity theft protections for two years.

“This data breach affected an estimated millions of Americans, and for the company to stay silent and minimize the widespread consumer impact is totally unacceptable,” Attorney General Henry said. “The breach involved stolen sensitive information and data, so consumers should do what they can to protect themselves going forward by utilizing these free services.”

Change Healthcare has publicly stated that the unprecedented data breach could impact up to one-third of all Americans. The cyberattack interrupted operations for thousands of doctors’ offices, hospitals, and pharmacies. It also resulted in Americans’ sensitive health and personal data being leaked onto the dark web

Change Healthcare is the nation’s biggest electronic data clearinghouse. Change Healthcare’s technological infrastructure is used by tens of thousands of providers, pharmacies, and insurers to verify insurance, confirm pre-authorization of procedures or services, exchange insurance claim data, and perform other administrative tasks essential to the delivery of health care.

In April, Attorney General Henry joined other Attorneys General in sending a letter to UnitedHealth Group, Inc., urging the corporation to take more meaningful action to better protect providers, pharmacies, and patients harmed by the recent breach.

Change Healthcare’s dedicated website and call center will not be able to provide individuals details about whether their data was breached but can guide them through getting set up for the free credit monitoring and identity theft protections. Since Change Healthcare has not yet provided notice to individuals and the impact is significant, the safest course of action is for everyone to assume that their information has been involved.

  • For information visit com.
  • To enroll in credit monitoring through IDX use the link at changecybersupport.com or call 1-888-846-4705.
  • For additional support from Change Healthcare call 1-866-262-5342.

Consumers should be aware of potential warning signs that someone is using their medical information. The signs include:

  • A bill from their doctor for services they did not receive;
  • Errors in their Explanation of Benefits statement like services they never received or prescription medications they do not take;
  • A call from a debt collector about a medical debt they do not owe;
  • Medical debt collection notices on their credit report that they do not recognize;
  • A notice from their health insurance company indicating they have reached their benefit limit; or
  • They are denied insurance coverage because their medical records show a pre-existing condition they do not have.

If consumers are concerned that their data may have been impacted but prefer not to use the free resources provided by Change Healthcare, they can also consider freezing their credit.

Cyberattacks in the healthcare sector have increased in both frequency and severity in recent years. Data breaches involving PHI are required to be reported to the U.S. Department of Health & Human Services – Office for Civil Rights (hhs.gov) by HIPAA-covered entities. Since the beginning of this year, the portal shows data breaches impacted the PHI of nearly 38 million individuals.