‘Deeply concerning’: AGs in Mass., NH warn residents of unprecedented healthcare data breach

BOSTON — Massachusetts Attorney General Andrea Joy Campbell and New Hampshire Attorney General John M. Formella are warning New England residents of an “unprecedented data breach” linked to a cyberattack that interrupted operations at thousands of doctors’ offices, hospitals, and pharmacies across the region and country.

Change Healthcare, a unit of UnitedHealth, the nation’s largest electronic data clearinghouse, experienced a significant cyberattack in February, according to Campbell and Formella. Change is used by tens of thousands of providers, pharmacies, and insurers to verify insurance, confirm pre-authorization of procedures or services, exchange insurance claim data, and perform other administrative tasks.

The attack resulted in Americans’ sensitive health and personal data being leaked onto the dark web. Although the actual number and identity of affected patients are currently unknown, Change has publicly stated that the data breach could impact up to a third of all Americans.

Consumers typically receive an individualized letter or email if their data was impacted in a cyberattack but because Massachusetts and New Hampshire residents have yet to be notified, Campbell and Formella said they wanted to share consumer protection reminders and raise awareness about the availability of free credit monitoring and identity theft protection services following the breach.

The significant impact of the situation, coupled with the fact that Change has not yet provided notice to impacted individuals, the safest course of action is for everyone to assume that their information has been involved, Campbell and Formella advised.

“This data breach is deeply concerning. Thousands of healthcare providers, pharmacies, and insurers rely on Change Healthcare’s services, making the exposure of sensitive health and personal data to cybercriminals a significant threat to public trust and security. Despite the magnitude of this breach, the delay in notifying affected individuals is unacceptable. Alongside my counterparts from across the country, I have called upon UnitedHealth Group to take swift and meaningful action to protect those impacted and prevent future breaches,” Formella said in a statement. “In the meantime, it is crucial that individuals remain vigilant and monitor any suspicious activity related to their medical or financial information. We will continue to advocate for consumer rights and hold accountable those responsible for this breach.”

Change is now offering all Massachusetts and New Hampshire residents who believe they may have been impacted free credit monitoring and identity theft protections for two years:

Consumers should be aware of potential warning signs that someone is using their medical information. The signs include:

  • A bill from their doctor for services they did not receive.
  • Errors in their Explanation of Benefits statement like services they never received or prescription medications they do not take.
  • A call from a debt collector about a medical debt they do not owe.
  • Medical debt collection notices on their credit report that they do not recognize.
  • A notice from their health insurance company indicating they have reached their benefit limit; or
  • They are denied insurance coverage because their medical records show a pre-existing condition they do not have.

If consumers are concerned that their data may have been impacted but prefer not to use the free resources provided by Change Healthcare, they can also consider freezing their credit.

The incident remains under investigation.

Download the FREE Boston 25 News app for breaking news alerts.

Follow Boston 25 News on Facebook and Twitter. | Watch Boston 25 News NOW

Comments on this article