Change Healthcare to start notifying customers who had data exposed in cyberattack

Change Healthcare is starting to notify hospitals, insurers and other customers that they may have had patient information exposed in a massive cyberattack.

The company also said Thursday that it expects to begin notifying individuals or patients in late July.

Change Healthcare, a subsidiary of health care giant UnitedHealth Group, provides technology used to submit and process billions of insurance claims a year. Hackers gained access in February to its system and unleashed a ransomware attack that encrypted and froze large parts of it.

The attack triggered a disruption of payment and claims processing around the country, stressing doctor’s offices and health care systems by interfering with their ability to file claims and get paid.

Change says names, addresses, health insurance information and personal information like Social Security numbers may have been exposed in the attack. The company is still investigating.

It said Thursday that it has reviewed more than 90% of impacted files and has seen no signs that doctors’ charts or full medical histories were taken.

After the attack, UnitedHealth paid a $22 million ransom in bitcoin, CEO Andrew Witty has said.

Witty said during Congressional hearings last month that all of the company’s core systems, including claims payment and pharmacy processing, were functional.

The company has been offering to pay for two years of credit monitoring and identity theft protection for people worried that their information may have been exposed in the attack.

___

The Associated Press Health and Science Department receives support from the Howard Hughes Medical Institute’s Science and Educational Media Group. The AP is solely responsible for all content.