Change Healthcare Data Breach Leakes Sensitive Personal Info

Update: As of July 31, 2025, an estimated 1.93 million individuals have been impacted by the Change Healthcare data breach. This includes 655,282 New Hampshire residents and 250 people in Texas. Updated disclosures were made to the New Hampshire, Massachusetts and Texas Attorney Generals' offices beginning on July 31, 2025.

On February 21, 2024, Change Healthcare Inc detected unauthorized activity within their computer system. The company immediately took steps to halt the activity and launched an investigation, enlisting a specialized team to assist. Law enforcement was also notified, and Change Healthcare temporarily shut down its systems to protect its clients and their data.

By March 7, 2024, it was determined that a cybercriminal had accessed and copied data from the system between February 17 and February 20, 2024. The company received secure files for review on March 13, 2024. The breach potentially exposed various types of sensitive information, including:

• Contact information (name, address, date of birth, phone number, email)
• Health insurance data (health plans/policies, insurance companies, member/group ID numbers, Medicaid-Medicare-government payor ID numbers)
• Health data (medical record numbers, doctors, diagnoses, medicines, test results, images, care, treatment)
• Billing, insurance claims, and payment data (claim numbers, account numbers, billing codes, payment cards, financial and banking information, balance)
• Other personal data (Social Security number, driver’s license or state ID number, other ID numbers)

The breach affected a significant number of individuals, and the information exposed could be used for identity theft or fraud, making this a severe incident.

Change Healthcare's Response

In response to the breach, Change Healthcare took several actions. They immediately began an investigation and engaged law enforcement. To further protect their clients, they enhanced their computer systems' security measures.

Additionally, Change Healthcare is offering affected individuals free credit monitoring and identity theft protection services for two years. Affected individuals can sign up for these services by calling 1-866-262-5342 and visiting changecybersupport.com.

Steps for Affected Individuals

If you believe you were affected by this data breach, it is crucial to take the following steps:

1. Enroll in Credit Monitoring and Identity Protection Services: Call 1-866-262-5342 to enroll in the free services offered by Change Healthcare. This will help you monitor your credit for any unusual activity.
2. Review Your Account Statements: Carefully check statements from healthcare providers, insurance companies, and financial institutions to ensure all activity is valid. Report any suspicious charges immediately.
3. Order Your Free Credit Report: Visit annualcreditreport.com or call (877) 322-8228 to request your free annual credit report. Review it for any accounts you did not open or other inaccuracies.
4. Place a Fraud Alert: Contact any of the three major credit bureaus—Equifax, Experian, or TransUnion—to place a fraud alert on your credit file. This will notify creditors to take extra steps to verify your identity before granting credit.
5. Consider a Security Freeze: A security freeze can prevent new credit accounts from being opened in your name without your permission. Contact Equifax, Experian, or TransUnion to place a freeze on your credit report.
6. Report Identity Theft: If you detect any unauthorized transactions, report them to your financial institution and local law enforcement. You can also contact the Federal Trade Commission at ftc.gov/idtheft for more information on protecting yourself from identity theft.