Local News

AG: ‘Unprecedented’ health data breach affects Mass., N.H.

The AGs admonished Change Healthcare for not notifying the public until months after the breach, which could have affected nearly a third of all Americans.

By Molly Farrar

July 10, 2024

1 minute to read

• Share
• ...

Share

Close

Send this article to your social connections.

• Email

  Email

• Facebook

  Facebook

• X

  X

• LinkedIn

  LinkedIn

• BlueSky

  BlueSky

• Threads

  Threads

• WhatsApp

  WhatsApp

• Copy Link

  Copy Link

• Share
• ...

Share

Send this article to your social connections.

• Email

  Email

• Facebook

  Facebook

• X

  X

• LinkedIn

  LinkedIn

• BlueSky

  BlueSky

• Threads

  Threads

• WhatsApp

  WhatsApp

• Copy Link

  Copy Link

Nearly a third of all Americans could have been impacted by an “unprecedented” data breach, with officials warning consumers that the company has not yet notified individuals affected.

The data breach happened in February to Change Healthcare, which is owned by UnitedHealth Group. CHC is the country’s largest middleman between insurance companies and health care providers, providing technology that providers use for administrative tasks like verifying insurance.

Change Healthcare didn’t specify what data was affected, but said it “may have included” basic personal details, health insurance information, health records, billing information, and even social security numbers, driver’s licenses, and passport numbers.

“Given the delay between the data breach and notification to those impacted, the Massachusetts Attorney General’s Office is publicizing not just the breach, but also resources, including the offer that Change Healthcare has provided to the public,” a statement from the office said.

The healthcare company is offering all Massachusetts and New Hampshire residents free credit monitoring and identity theft protections for two years, the AGs said. Consumers can also freeze their credit, which can be done for free at credit bureaus.

The homepage of CHC’s website says they are “determined to make things right.”

The company said on Feb. 21 they were notified of ransomware in their system and subsequently determined that “a substantial quantity of data” had been taken by cybercriminals between Feb. 17 and 20. They publicly confirmed the data breach on April 22.

Attorneys General Andrea Campbell in Massachusetts and John Formella in New Hampshire, along with 20 other AGs, wrote a letter to UnitedHealth’s CEO Andrew Witty April 25 to implore him to do more after the breach. The AGs said providers had been unable to complete prior authorizations, confirm benefits, and submit claims since the breach.

“To date, both Change Healthcare’s and UnitedHealth Group’s responses to the crisis have been inadequate,” the letter said. “… you have an obligation to take action to limit the harm to our states’ care providers and patients.”

Molly Farrar

Molly Farrar is a general assignment reporter for Boston.com, focusing on education, politics, crime, and more.

Want to leave a comment?

Create an Account Or sign in to your account

To comment, please create a screen name in your profile

To comment, please verify your email address

Conversation

This discussion has ended. Please join elsewhere on Boston.com