The number of victims impacted by the Change Healthcare data breach last year has nearly doubled, from 100 million to approximately 190 million, parent company UnitedHealth Group told TechCrunch last week.
In an email to CNET, the health insurer said, "The vast majority of those people have already been provided individual or substitute notice." A final number of impacted victims will be reported to the Office for Civil Rights at a later date.
What caused the Change Healthcare data breach?
UnitedHealth Group CEO Andrew Witty testified before Congress in May that a hacker group gained unauthorized access to the company's servers by obtaining an employee's login credentials. The bad actors then used the stolen credentials to log in to an application to remotely access desktops. Witty said the employee didn't have multifactor authentication enabled on the app.
The attack disrupted medical services across the country, impacting medical claims processing, payment platforms and pharmacy network services.
Change Healthcare, a UnitedHealth subsidiary and all-in-one health insurance technology provider that manages payments, claims processing and more, experienced a cyberattack in February 2024.
Impacted individuals, however, weren't limited to UnitedHealth policyholders. Change Healthcare, which works with many health insurance carriers, including Aetna, Anthem, Blue Cross Blue Shield and Cigna, has access to highly sensitive data of a massive quantity of users in the health care system.
During the same May hearing, Witty warned Congress that about one-third of Americans' data may have been compromised in the cyberattack. That number has seemingly increased to nearly one in every two Americans.
What personal information was compromised?
While UnitedHealth can't specify what data was compromised for each individual, a notice on its website said that the data could include Social Security and passport numbers, patient diagnoses, medical records, billing information and health insurance plan data.
UnitedHealth Group began notifying impacted individuals in July of 2024 and has since sent notifications to more than 100 million people who were affected. If you received one of these notifications, your data might have been compromised. You can call 1-866-262-5342 for additional support.
If you didn't receive a notification, be advised that Change Healthcare's notice states: "Given the ongoing nature and complexity of the data review, agents will not be able to provide any specifics on individual data impacted at this time."
What to do if your information was stolen in the Change Healthcare breach
Change Healthcare has a FAQ support page for people who may have been impacted by the breach. The company is offering IDX identity theft protection for up to two years. You can enroll on this page or call 1-888-846-4705 to sign up.
If the Change Healthcare breach impacted you, there are a number of other actions you should take to protect your identity:
✔️ Check your health care policy for any changes. If there are any errors or health care claims you don't recognize, contact your health plan provider or your doctor's office.
✔️ Check your credit reports. Review your credit reports regularly and look for unrecognized credit applications and new medical debt reports.
✔️ Monitor your bank accounts. The breach compromised billing and payment information, so monitor your credit and bank statements for suspicious activity.
✔️ Freeze your credit reports. Beyond just checking your credit reports, you might opt to freeze your credit reports with the three major credit bureaus, Equifax, Experian and Transunion. Putting a freeze on your credit prevents any new credit from being approved.
✔️ Sign up for identity theft services. After your two free years of IDX coverage expires, consider signing up for continued identity theft protection. These services can help monitor your bank and credit reports for you. They can also provide alerts when your data is found on the dark web as a result of future breaches. In the event your identity is stolen, identity theft services will provide insurance for any monetary expenses you might incur.
Protect your personal data and get peace of mind with CNET's top pick for identity theft software.
