Consumer Alert: Health records of 1 in 3 Americans potentially exposed in Change Healthcare hack
ROCHESTER, N.Y. – Just one company, Change Healthcare, processes half the medical claims filed in this country. And that company has experienced a massive data breach. That’s the topic of this consumer alert.
Change Healthcare is a division of UnitedHealthcare Group. But to be clear, Change Healthcare is the nation’s biggest electronic healthcare payment system, processing 15 billion transactions annually for health insurers across the country. So, you don’t have to be a United Healthcare customer to have potentially been affected by this breach.
In fact, if you’ve ever filed an insurance claim, your payment may have been processed by Change Healthcare. One in three patient records passes through its system, providing payments for 900,000 doctors, 33,000 pharmacies, 5500 hospitals, and 600 laboratories. The impact of that data breach has already been massive and could get much worse.
In February the company discovered it had been hacked. And because Change has such a huge role in the American healthcare system, medical facilities have been hit especially hard. Initially, thieves held the data hostage. Change couldn’t process insurance claims, and health facilities couldn’t get paid.
Last week, UnitedHealthcare Group finally acknowledged the rumors that have been swirling for weeks; it did pay the hackers a ransom. While United won’t confirm how much it paid, a post on a hacker forum states it was $22 million.
But the system still isn’t up to speed. So, on Monday, Attorney-General Letitia James announced that she was part of a coalition of 22 attorneys-general, calling on UnitedHealthcare Group to better protect patients. James says millions of New Yorkers haven’t been able to schedule appointments or fill prescriptions. And some small community clinics are close to shutting their doors. Among the many demands the AGs are making, they’re calling on UnitedHealthcare to expand financial assistance to healthcare providers and suspend pre-authorization so that patients can get access to care.
Now, let me address the question of our personal information, including medical files. UnitedHealthcare leaders have said it will take months for them to figure out exactly how many of us were compromised and notify everyone. So, it’s best to assume our data is in the hands of cyberthieves.
Here’s Deanna’s Do List to protect your identity.
- Freeze your credit with all three bureaus.
- Monitor your credit report with all three bureaus. You can now get a report once a week for free.
- Create strong passwords for your accounts. It’s helpful if you use a good password manager like Bitwarden which is free or one password which is $3 a month.
- Use two-factor authentication. Use an authenticator app that makes two-factor authentication easy.
- Never use public Wi-Fi