Indiana Attorney General Todd Rokita has issued a warning to residents about the potential theft of their personal health care information following a significant cyberattack. The breach, involving Change Healthcare/UnitedHealth, may have affected approximately 110 million Americans.
For several months, Change Healthcare failed to inform the public about the possible theft of sensitive data such as health insurance records, banking information, Social Security numbers, and medical records. In response, Rokita’s Data Privacy and ID Theft team advises Indiana residents to monitor their health plan statements and billing information for any unusual activity. Additionally, Change Healthcare is offering free credit monitoring and ID theft protection services through IDX; residents can enroll by calling 1-888-846-4705.
“The protection of your private medical records and personal health care information is of utmost importance to our office," said Attorney General Rokita. "You have the right to request a credit freeze and numerous other preventative ID theft services – free of charge – from this irresponsible health care handler.”
Change Healthcare processes 15 billion healthcare transactions annually and reported that one in three Americans might be affected by this BlackCat ransomware attack. The hacker group allegedly obtained millions of private medical records stored by Change Healthcare.
“Our office will continue to pressure companies like Change Healthcare to hold Hoosiers’ data privacy at the highest standards -- and know that we will hold all healthcare operators accountable for any and all breaches,” added Rokita.
Change Healthcare indicated that affected individuals might receive notification letters in late July; however, the company first became aware of the cyberattacks on February 21, 2024. The attackers claim patient data was stolen before this date, yet many patients remain uninformed about their compromised information.
Companies like UnitedHealth are legally required to report all data breaches involving protected health information (PHI) to the U.S. Department of Health & Human Services. Despite this requirement, Rokita’s office states that the full extent of these breaches remains unclear.
Consumers should be vigilant for signs that someone may be using their medical information fraudulently. If concerned about potential impacts but preferring not to use Change Healthcare's resources, individuals can also consider freezing their credit with Experian, Equifax, and TransUnion.