Marylanders should assume that their personal health care information was included in a recent wide-reaching data breach and should take steps to protect their identity and health information as a precaution, the attorney general’s office said Thursday.
Change Healthcare, the nation’s biggest electronic data clearinghouse and a unit of UnitedHealth, was the victim of a ransomware attack in February that “interrupted operations for thousands of doctor’s offices, hospitals and pharmacies,” according to the press release.
The attack also resulted in health and personal data has been leaked onto the “dark web,” a corner of the internet where individuals can anonymously communicate and is often used to engage in illegal activities. The attorney general’s statement said it is not clear which patients may have been affected, or how many, but that “Change Healthcare has publicly stated that the data breach could impact up to one-third of all Americans.”
Change Healthcare recently posted a notice to its website about the data breach and will send out letters to some affected individuals on July 20.
“We continue to make progress in mitigating the impact to consumers and care providers of the unprecedented cyberattack on the U.S. health system and the Change Healthcare services, while continuing to expand financial assistance to affected providers, ” according to the recent notice.
The hacked data includes but is not limited to patient contact information, health insurance information, health records, test results, billing and claims information, and even personal identification such as Social Security numbers, driver’s licenses and passport numbers, Change Healthcare said.
An investigation on the attack is ongoing, and the company said it will release additional information on the scope of the cyberattack as the review continues.
In the meantime, Change Healthcare is offering two years of complimentary credit monitoring and identity protection services. It is urging individuals to regularly monitor their explanation of benefits statement, as well as bank charges and tax returns, to ensure there is no unauthorized activity.
Maryland Attorney General Anthony Brown said that as a precaution, Marylanders should take steps to protect their financial information and their identity.
“Marylanders should assume their data was included in the breach and consider signing up for the free credit monitoring and identity theft protections” by calling Change Healthcare or visiting its website, Brown warns in the written statement.
