Secure your business

Change Healthcare Ransomware Attack: Data Review Nears Completion

Computer screen with cybersecurity codes in a dark setting.

Change Healthcare has announced that the review of data impacted by a significant ransomware attack is now substantially complete. The breach, which occurred nearly 11 months ago, affected the sensitive information of approximately 100 million individuals, marking it as one of the largest healthcare data breaches in history.

Key Takeaways

  • Change Healthcare’s data review is nearly complete, with ongoing notifications to affected individuals.
  • The breach involved the theft of personal and health information of around 100 million individuals.
  • Change Healthcare is enhancing security measures and offering credit monitoring services to affected individuals.

Overview Of The Ransomware Attack

On February 21, 2024, Change Healthcare’s network was breached by a ransomware group, leading to the theft of extensive personal and protected health information. The attack was executed through a Citrix portal that lacked multifactor authentication, allowing hackers to gain unauthorized access and encrypt files.

Ongoing Notifications

Since the breach was discovered, Change Healthcare has been notifying affected customers in phases. The first notifications were sent out on June 20, 2024, with subsequent updates issued throughout the year. As of January 14, 2025, the company stated that it does not expect to identify any additional affected customers, although individual notifications are still being mailed to those whose data was compromised.

Security Enhancements

In response to the attack, Change Healthcare has reinforced its security policies and procedures. A third-party firm has been engaged to monitor the dark web for any potential leaks of the stolen data. Additionally, the company is offering complimentary credit monitoring services for two years to individuals affected by the breach.

Legal and Financial Implications

The breach has led to significant legal repercussions, including a lawsuit filed by the Nebraska Attorney General against Change Healthcare. The lawsuit alleges that the company failed to implement adequate security measures, resulting in substantial harm to residents. The financial impact of the attack is estimated to reach $2.87 billion in 2024, affecting both Change Healthcare and its parent company, UnitedHealth Group.

Conclusion

The Change Healthcare ransomware attack serves as a stark reminder of the vulnerabilities within the healthcare sector. As the company continues to navigate the aftermath of this incident, it is crucial for healthcare organizations to prioritize cybersecurity measures to protect sensitive patient information from future attacks.

Sources

Leave a Reply

Your email address will not be published. Required fields are marked *