Play Live Radio
Next Up:
0:00
0:00
0:00 0:00
Available On Air Stations

Change Healthcare to start notifying customers who had data exposed in cyberattack

Pages from the United Healthcare website are displayed on a computer screen.
Patrick Sison
/
AP
Change Healthcare, a subsidiary of health care giant UnitedHealth Group, provides technology used to submit and process billions of insurance claims a year. Hackers gained access in February to its system and unleashed a ransomware attack that encrypted and froze large parts of it.

Change Healthcare says it has reviewed more than 90% of impacted files and has seen no signs that doctors’ charts or full medical histories were taken in the February ransomware attack.

Change Healthcare is starting to notify hospitals, insurers and other customers that they may have had patient information exposed in a massive cyberattack.

The company also said Thursday that it expects to begin notifying individuals or patients in late July.

Change Healthcare, a subsidiary of health care giant UnitedHealth Group, provides technology used to submit and process billions of insurance claims a year. Hackers gained access in February to its system and unleashed a ransomware attack that encrypted and froze large parts of it.

The attack triggered a disruption of payment and claims processing around the country, stressing doctor’s offices and health care systems by interfering with their ability to file claims and get paid.

According to the Florida Hospital Association, the state has over 100 hospitals that directly contract with Change Healthcare.

Change said names, addresses, health insurance information and personal information like Social Security numbers may have been exposed in the attack. The company is still investigating.

It said Thursday that it has reviewed more than 90% of impacted files and has seen no signs that doctors’ charts or full medical histories were taken.

After the cyberattack, UnitedHealth paid a $22 million ransom in bitcoin, CEO Andrew Witty has said.

Witty said during congressional hearings last month that all of the company’s core systems, including claims payment and pharmacy processing, were functional.

The company has been offering to pay for two years of credit monitoring and identity theft protection for people worried that their information may have been exposed in the attack.