Change Healthcare, a leading provider of payment and revenue cycle management tools, has announced that it has facilitated more than 15 billion transactions annually, and one in every three patient records passes through its systems. This means that even patients who are not UnitedHealth customers could have been affected by the recent cyber attack on the healthcare giant.
UnitedHealth said in a release Monday that it has determined that the cyberthreat actors accessed files containing protected health information and personally identifiable information. The files “could cover a substantial proportion of people in America,” the release said. The company added that 22 screenshots, allegedly of the compromised files, have been uploaded to the dark web. However, no other data has been published, and UnitedHealth has not seen evidence that doctors’ charts or full medical histories were accessed in the breach.
UnitedHealth CEO Andrew Witty said in the release that the company is committed to doing everything possible to help and provide support to anyone who may need it. Concerned patients can visit a dedicated website for access to resources, and UnitedHealth has launched a call center that will offer free identity theft protections and credit monitoring for two years. However, the call center will not be able to offer any details about individual data impact given the “ongoing nature and complexity of the data review.”
