CPM Investigating Massive Data Breach by United Health Group and its Subsidiary, Change Healthcare

HAVE YOU RECEIVED A NOTICE FROM UHG OR CHANGE HEALTHCARE THAT YOUR PRIVATE HEALTH INFORMATION (PHI) AND/OR PERSONAL IDENTIFYING INFORMATION (PII) WAS COMPROMISED IN A DATA BREACH?

You may be entitled to compensation from a class action lawsuit.

Cotchett Pitre & McCarthy is investigating a massive data breach disclosed by United Health Group (UHG) and its subsidiary Change Healthcare. UHG handles over 14 billion medical transactions in the U.S. annually. On February 21, 2024, it disclosed an extensive cyber-attack impacting private health insurance subscribers and service providers.

Change Healthcare systems were attacked by a Russian ransomware gang, which gained access to their networks and removed tens of millions of records relating to patients and responsible payers that were stored in Change Healthcare’s patient databases. The victims of the breach include hospitals, health providers, pharmacies, and millions of patients in their care.

The breach has wreaked havoc throughout the US medical systems because in addition to exposing millions of patients’ private health and financial records, tens of thousands of medical facilities and practitioners are unable to get reimbursements from insurers. United Health Group is the largest health insurer in the United States and many of its critical systems have been taken offline, including systems to process prescription-drug claims, resulting in patients being unable to fill their mediations without paying cash out-of-pocket. Further compounding the problems and directly affecting patients, tens of thousands of providers, hospitals and pharmacies cannot access patient records to approve care requests.

According to the American Hospital Association, the data breach is “the most significant and consequential incident of its kind against the U.S. health care system in history.” Yet Change Healthcare and UHG have done far too little in response and done it too late.

Companies like UHG and Change Healthcare must do more to protect patients’ valuable PHI and PII. Consumers deserve to have their information protected and when mega corporations like UHG and Change Healthcare fall short of their obligations, patients are entitled to compensation. If you received notice of the UHG/Change Healthcare breach, please contact us at (650) 697-6000,  DataBreach@cpmlegal.com, or by clicking on the following secure CONTACT US link for your free, no obligation consultation.

For more information about the risk associated with data breaches:

Dave Maxfield & Bill Latham, Data Breaches: Perspectives from Both Sides of the Wall, 25 S.C. Lawyer 28-35 (May 2014)

For more information about the UHG Data Breach and Blackcat:

Justice Department Disrupts Prolific ALPHV/Blackcat Ransomware Variant, DOJ (Dec. 19, 2023), 

James Farrell, Change Healthcare Blames ‘Blackcat’ Group for Cyber Attack That Disrupted Pharmacies and Health Systems, FORBES (Feb. 29, 2024, 1:18 PM), 

MMRG Notifies Patients of Cybersecurity Incident, Business Wire (Feb. 6, 2024, 5:30 PM), 

Zack Whittaker, UnitedHealth confirms ransomware gang behind Change Healthcare hack amid ongoing pharmacy outages, Tech Crunch (Feb. 29, 2024, 9:15 AM),

Class action lawsuits pile up over UnitedHealth data breach, Reuters (Mar. 13, 2024, 2:04 PM).