UnitedHealth Subsidiary Reports Major Data Breach Affecting Millions of Americans

UnitedHealth Subsidiary Reports Major Data Breach Affecting Millions of Americans

Four months after a significant cyberattack forced its systems offline, a UnitedHealth subsidiary, Change Healthcare, has disclosed a major data breach. In a recent notification, Change Healthcare revealed that a “substantial quantity of data” was stolen, impacting a “substantial proportion of people in America.” Earlier this year, UnitedHealth’s CEO Andrew Witty estimated that “maybe a third” of all Americans might have been affected by the breach.

The breach notification highlights the severity of the situation. Change Healthcare stated, “While Change Healthcare cannot confirm exactly what data has been affected for each impacted individual, information involved for affected individuals may have included contact information (such as first and last name, address, date of birth, phone number, and email).” This means that millions of individuals could be at risk of identity theft and other forms of fraud.

The stolen data is not limited to basic contact information. CHANGE HEALTHCARE further explained that the data exfiltrated could include sensitive health insurance information, such as insurance plans, companies, Medicaid-Medicare-government payor ID numbers, and detailed health information like test results, diagnoses, and medical record numbers. Billing and claims information, which may include financial or banking information, balance and payments due, and account numbers, were also compromised. In addition, highly sensitive personal data, such as driver’s licenses and social security numbers, were potentially stolen.

Change Healthcare has acknowledged the complexity and breadth of the breach. “The information that may have been involved will not be the same for every impacted individual. To date, we have not yet seen full medical histories appear in the data review,” Change Healthcare said. This indicates that while some individuals might only have basic contact information exposed, others could have a more comprehensive set of their personal data compromised.

Moreover, Change Healthcare noted that the stolen information might also pertain to guarantors who paid healthcare bills on behalf of patients. “Also, some of this information may have related to guarantors who paid bills for healthcare services. A guarantor is the person who paid the bill for healthcare services,” the notification stated. This means that even individuals who are not direct patients of Change Healthcare but have financial ties to them could be affected.

Since June 20, Change Healthcare has been actively notifying its affected customers about the breach. The company is providing a link to the substitute notice for other customers to inform them of what happened. “The review of personal information potentially involved in this incident is in its late stages,” Change Healthcare said, indicating that they are nearing the end of their investigation into the breach.

In an effort to assist those impacted, Change Healthcare is taking steps to mitigate the damage caused by the breach. “Change Healthcare is providing this notice now to help individuals understand what happened, let them know that their information may have been impacted, and give them information on steps they can take to protect their privacy, including enrolling in two years of complimentary credit monitoring and identity theft protection services if they believe that their information may have been impacted.” This move aims to provide a level of protection for individuals as they navigate the potential fallout from the breach.

The CHANGE HEALTHCARE data breach is a stark reminder of the vulnerabilities in the healthcare sector’s cybersecurity infrastructure. As personal and sensitive data continue to be prime targets for cybercriminals, it underscores the importance for organizations to strengthen their defenses and for individuals to stay vigilant about their personal information. The full extent of the impact remains to be seen, but CHANGE HEALTHCARE’s ongoing efforts to notify and assist affected individuals is a critical step in addressing the breach.

About the Author:

Timothy Powell is a nationally recognized expert on regulatory matters including the False Claims Act, Zone Program Integrity Contractor audits and OIG compliance. He is a member of the RACmonitor editorial board.

Contact the Author:

tpowell@tpowellcpa.com

Facebook
Twitter
LinkedIn

Timothy Powell, CPA, CHCP

Timothy Powell is a nationally recognized expert on regulatory matters, including the False Claims Act, Zone Program Integrity Contractor (ZPIC) audits, and U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG) compliance. He is a member of the RACmonitor editorial board and a national correspondent for Monitor Mondays.

Related Stories

SNFs Under Scrutiny

SNFs Under Scrutiny

Some of you may have noticed that I am not always very nice to some insurance companies. And deservedly so. But I also point out

Read More

Leave a Reply

Please log in to your account to comment on this article.

Featured Webcasts

Comprehensive Inpatient Clinical Documentation Integrity: From Foundations to Advanced Strategies

Comprehensive Outpatient Clinical Documentation Integrity: From Foundations to Advanced Strategies

Optimize your outpatient clinical documentation and gain comprehensive knowledge from foundational practices to advanced technologies, ensuring improved patient care and organizational and financial success. This webcast bundle provides a holistic approach to outpatient CDI, empowering you to implement best practices from the ground up and leverage advanced strategies for superior results. You will gain actionable insights to improve documentation quality, patient care, compliance, and financial outcomes.

September 5, 2024
Advanced Outpatient Clinical Documentation Integrity: Mastering Complex Narratives and Compliance

Advanced Outpatient Clinical Documentation Integrity: Mastering Complex Narratives and Compliance

Enhancing outpatient clinical documentation is crucial for maintaining accuracy, compliance, and proper reimbursement in today’s complex healthcare environment. This webcast, presented by industry expert Angela Comfort, DBA, RHIA, CDIP, CCS, CCS-P, will provide you with actionable strategies to tackle complex challenges in outpatient documentation. You’ll learn how to craft detailed clinical narratives, utilize advanced EHR features, and implement accurate risk adjustment and HCC coding. The session also covers essential regulatory updates to keep your documentation practices compliant. Join us to gain the tools you need to improve documentation quality, support better patient care, and ensure financial integrity.

September 12, 2024

Foundations of Outpatient Clinical Documentation Integrity: Best Practices for Accurate Coding and Compliance

This webcast, presented by Angela Comfort, DBA, RHIA, CDIP, CCS, CCS-P, a recognized expert with over 30 years of experience, offers essential strategies to improve outpatient clinical documentation integrity. You will learn how to enhance the accuracy and completeness of patient records by adopting best practices in coding and incorporating Social Determinants of Health (SDOH). The session also highlights the role of technology, such as EHRs and CDI software, in improving documentation quality. By attending, you will gain practical insights into ensuring precise and compliant documentation, supporting patient care, and optimizing reimbursement. This webcast is crucial for those looking to address documentation gaps and elevate their coding practices.

September 5, 2024
Preventing Sepsis Denials: From Recognition to Clinical Validation

Preventing Sepsis Denials: From Recognition to Clinical Validation

ICD10monitor has teamed up with renowned CDI expert Dr. Erica Remer to bring you an exclusive webcast on how to recognize sepsis, how to get providers to give documentation that will support sepsis, and how to educate to avert sepsis denials. Register now and become a crucial piece of the solution to standardizing sepsis clinical practice, documentation, and coding at your facility.

August 22, 2024

Trending News

Featured Webcasts

Patient Notifications and Rights: What You Need to Know

Patient Notifications and Rights: What You Need to Know

Dr. Ronald Hirsch provides critical details on the new Medicare Appeal Process for Status Changes for patients whose status changes during their hospital stay. He also delves into other scenarios of hospital patients receiving custodial care or medically unnecessary services where patient notifications may be needed along with the processes necessary to ensure compliance with state and federal guidance.

December 5, 2024
Navigating the No Surprises Act & Price Transparency: Essential Insights for Compliance

Navigating the No Surprises Act & Price Transparency: Essential Insights for Compliance

Healthcare organizations face complex regulatory requirements under the No Surprises Act and Price Transparency rules. These policies mandate extensive fee disclosures across settings, and confusion is widespread—many hospitals remain unaware they must post every contracted rate. Non-compliance could lead to costly penalties, financial loss, and legal risks.  Join David M. Glaser Esq. as he shows you how to navigate these regulations effectively.

November 19, 2024
Post Operative Pain Blocks: Guidelines, Documentation, and Billing to Protect Your Facility

Post Operative Pain Blocks: Guidelines, Documentation, and Billing to Protect Your Facility

Protect your facility from unwanted audits! Join Becky Jacobsen, BSN, RN, MBS, CCS-P, CPC, CPEDC, CBCS, CEMC, and take a deep dive into both the CMS and AMA guidelines for reporting post operative pain blocks. You’ll learn how to determine if the nerve block is separately codable with real life examples for better understanding. Becky will also cover how to evaluate whether documentation supports medical necessity, offer recommendations for stronger documentation practices, and provide guidance on educating providers about documentation requirements. She’ll include a discussion of appropriate modifier and diagnosis coding assignment so that you can be confident that your billing of post operative pain blocks is fully supported and compliant.

October 24, 2024
The OIG Update: Targets and Tools to Stay in Compliance

The OIG Update: Targets and Tools to Stay in Compliance

During this RACmonitor webcast Dr. Ronald Hirsch spotlights the areas of the OIG’s Work Plan and the findings of their most recent audits that impact utilization review, case management, and audit staff. He also provides his common-sense interpretation of the prevailing regulations related to those target issues. You’ll walk away better equipped with strategies to put in place immediately to reduce your risk of paybacks, increased scrutiny, and criminal penalties.

September 19, 2024

Trending News

Happy National Doctor’s Day! Learn how to get a complimentary webcast on ‘Decoding Social Admissions’ as a token of our heartfelt appreciation! Click here to learn more →

👻Spooky Sale is Back!👻 Get 31% off all three Medlearn brands, using code SPOOKY24.