Security | May 27, 2026 | 9 min read

What to Do After the Change Healthcare Data Breach: A Complete Guide

By Sarah Chen

Head of Privacy Research

In February 2024, Change Healthcare -- a subsidiary of UnitedHealth Group that processes nearly one-third of all U.S. healthcare claims -- was hit by a devastating ransomware attack. The breach ultimately affected 192.7 million individuals, making it the largest healthcare data breach in American history. The stolen data included Social Security numbers, medical records, health insurance details, and billing information. If you received healthcare services in the United States, there is a significant chance your data was compromised. Here is what happened and exactly what you should do right now.

What Happened: The Change Healthcare Ransomware Attack

On February 21, 2024, the ALPHV/BlackCat ransomware gang launched an attack against Change Healthcare's systems. Change Healthcare is not a name most people recognize, but it is one of the largest healthcare technology companies in the world, acting as a critical middleman that processes insurance claims, manages prescriptions, and handles payments between healthcare providers and insurers.

The attack was catastrophic. Change Healthcare was forced to take its systems offline, which disrupted healthcare payment processing across the entire country for weeks. Hospitals, pharmacies, doctors' offices, and clinics could not process insurance claims or receive payments. Patients faced delays filling prescriptions and scheduling procedures.

UnitedHealth Group reportedly paid a $22 million ransom to the attackers. Despite this payment, the stolen data was not returned or destroyed -- there is no guarantee that paying a ransom ever results in data deletion.

What Data Was Stolen

The scope of the stolen data is staggering. Depending on the specific records Change Healthcare held for you, the compromised information may include:

  • Full names and contact information (addresses, phone numbers, email addresses)
  • Dates of birth
  • Social Security numbers
  • Medical information (diagnoses, treatments, medications, test results, medical record numbers)
  • Health insurance details (plan names, policy numbers, member and group IDs, Medicaid and Medicare information)
  • Billing and claims data (claim numbers, payment information, account numbers, balance details)
  • Financial and banking information used for claims processing and payments

This Breach Is Uniquely Dangerous

Unlike a typical data breach that exposes passwords or email addresses, the Change Healthcare breach exposed the combination of medical records, Social Security numbers, and financial data. This creates a perfect storm for identity theft, medical fraud, insurance fraud, and targeted scams. Criminals can use this data to file fraudulent insurance claims, obtain prescription drugs in your name, open credit accounts, and even file fake tax returns. The risk is long-term and serious -- take immediate action even if you have not yet seen signs of misuse.

Immediate Steps to Protect Yourself

1. Freeze Your Credit at All Three Bureaus

With Social Security numbers exposed, freezing your credit is the most important single step you can take. A credit freeze prevents anyone from opening new credit accounts in your name. Place a freeze at all three major credit bureaus:

  • Equifax: equifax.com/personal/credit-report-services/credit-freeze/
  • Experian: experian.com/freeze/center.html
  • TransUnion: transunion.com/credit-freeze

Credit freezes are free by federal law, do not affect your credit score, and can be temporarily lifted whenever you need to apply for legitimate credit.

2. Monitor Your Explanation of Benefits (EOBs) Carefully

Medical identity theft is one of the most serious risks from this breach. Criminals can use your stolen health insurance information to receive medical care, fill prescriptions, or file fraudulent insurance claims in your name. This is not just a financial problem -- it can also result in incorrect information being added to your medical records, which can affect your future care.

Review every Explanation of Benefits statement you receive from your health insurer. Look for:

  • Medical services you did not receive
  • Providers or facilities you have never visited
  • Prescriptions you did not fill
  • Dates of service when you were not seen by a doctor
  • Bills or collection notices for medical care you did not receive

If you spot anything suspicious, contact your health insurer immediately and ask to file a medical identity theft report.

3. Watch Your Bank Accounts and Credit Card Statements

Since financial and banking information was also compromised, monitor your accounts closely. Set up real-time transaction alerts through your bank's app. Review statements line by line for unauthorized charges, even small ones -- criminals often test stolen financial data with small transactions before attempting larger fraud.

4. Check for Signs of Tax Identity Theft

Stolen Social Security numbers are frequently used to file fraudulent tax returns. If someone files a fake return in your name before you file your own, you will receive a rejection notice from the IRS. To protect yourself:

  • File your tax returns as early as possible each year
  • Consider requesting an IRS Identity Protection PIN (IP PIN) at irs.gov/ippin, which adds an extra layer of verification to your tax filings
  • Respond immediately to any IRS correspondence about unfiled or duplicate returns

5. Enroll in Credit Monitoring

Change Healthcare offered affected individuals two years of free credit monitoring and identity protection through IDX. The enrollment deadline was August 26, 2025. If you missed that deadline, you can still monitor your credit independently. You are entitled to free weekly credit reports from all three bureaus through AnnualCreditReport.com. Review these regularly for accounts you do not recognize.

Request Your Medical Records

Under HIPAA, you have the right to request a copy of your medical records from your healthcare providers. Consider requesting your records now so you have a baseline. If a criminal later uses your identity to receive medical care, having a clean copy of your records will make it easier to identify and dispute fraudulent entries. Contact your primary care provider and any specialists you see to request copies.

Watch for Phishing and Scams

Criminals who have access to your medical and personal data can craft extremely convincing phishing attacks. After the Change Healthcare breach, be on guard for:

  • Fake breach notifications that mimic official letters from Change Healthcare or UnitedHealth Group but direct you to malicious websites
  • Phishing emails posing as your health insurer asking you to "verify" your policy information or update your payment details
  • Phone calls from "Medicare" or "your insurance company" requesting your Social Security number or policy details
  • Fake medical bills designed to trick you into paying money or providing financial information to scammers

Never click links in unexpected emails or texts about the breach. Go directly to official websites by typing the address into your browser.

File Complaints and Know Your Rights

The Change Healthcare breach has prompted significant legal and regulatory action. The U.S. Department of Health and Human Services (HHS) launched a HIPAA investigation into the breach. Multiple state attorneys general have filed lawsuits -- notably, a Nebraska AG lawsuit that survived a motion to dismiss. Numerous class action lawsuits are also ongoing on behalf of affected individuals.

You have the right to:

  • File a complaint with HHS Office for Civil Rights (OCR) at hhs.gov/hipaa/filing-a-complaint if you believe your health data was not properly protected
  • File a complaint with your state attorney general's office, which may be participating in legal action against UnitedHealth Group
  • File an identity theft report with the FTC at IdentityTheft.gov if you experience any form of identity theft
  • Join a class action lawsuit if you receive a notice about one -- check any correspondence carefully

How Data Brokers Amplify the Damage

When criminals obtain medical records and Social Security numbers from a breach like this, they cross-reference that data with personal information freely available on data broker sites. Data brokers collect and sell your name, home address, phone number, email, age, family members, and more. Combined with the Change Healthcare breach data, this gives criminals everything they need to impersonate you convincingly.

For example, a criminal who has your health insurance details from the breach can look up your home address on a data broker site, then call your insurer posing as you with enough details to pass security questions. Removing your data from these broker sites closes one of the key channels criminals use to weaponize breach data.

How PrivacyOn Helps After This Breach

You cannot undo the Change Healthcare breach or remove your medical records from criminal hands. But you can reduce the publicly available data that criminals use to exploit breach victims.

PrivacyOn removes your personal information from over 100 data broker sites that collect and sell your data. By eliminating these public records, you make it significantly harder for criminals to cross-reference your breached medical data with your current contact information, home address, and family details. PrivacyOn's dark web monitoring can also alert you if your data appears on the dark web, giving you early warning to take action before fraud occurs.

After a breach as massive and sensitive as the Change Healthcare attack, reducing your digital footprint is not just a privacy preference -- it is a critical layer of defense against identity theft and medical fraud that could affect you for years to come.

Sarah Chen

Head of Privacy Research

CIPP/US Certified | IAPP Member | B.S. Computer Science

CIPP/US-certified privacy researcher with over a decade of experience helping consumers remove their personal information from data brokers.
