Four months after a significant cyberattack forced its systems offline, a UnitedHealth subsidiary, Change Healthcare, has disclosed a major data breach. In a recent notification, Change Healthcare revealed that a “substantial quantity of data” was stolen, impacting a “substantial proportion of people in America.” Earlier this year, UnitedHealth’s CEO Andrew Witty estimated that “maybe a third” of all Americans might have been affected by the breach.
The breach notification highlights the severity of the situation. Change Healthcare stated, “While Change Healthcare cannot confirm exactly what data has been affected for each impacted individual, information involved for affected individuals may have included contact information (such as first and last name, address, date of birth, phone number, and email).” This means that millions of individuals could be at risk of identity theft and other forms of fraud.
The stolen data is not limited to basic contact information. CHANGE HEALTHCARE further explained that the data exfiltrated could include sensitive health insurance information, such as insurance plans, companies, Medicaid-Medicare-government payor ID numbers, and detailed health information like test results, diagnoses, and medical record numbers. Billing and claims information, which may include financial or banking information, balance and payments due, and account numbers, were also compromised. In addition, highly sensitive personal data, such as driver’s licenses and social security numbers, were potentially stolen.
Change Healthcare has acknowledged the complexity and breadth of the breach. “The information that may have been involved will not be the same for every impacted individual. To date, we have not yet seen full medical histories appear in the data review,” Change Healthcare said. This indicates that while some individuals might only have basic contact information exposed, others could have a more comprehensive set of their personal data compromised.
Moreover, Change Healthcare noted that the stolen information might also pertain to guarantors who paid healthcare bills on behalf of patients. “Also, some of this information may have related to guarantors who paid bills for healthcare services. A guarantor is the person who paid the bill for healthcare services,” the notification stated. This means that even individuals who are not direct patients of Change Healthcare but have financial ties to them could be affected.
Since June 20, Change Healthcare has been actively notifying its affected customers about the breach. The company is providing a link to the substitute notice for other customers to inform them of what happened. “The review of personal information potentially involved in this incident is in its late stages,” Change Healthcare said, indicating that they are nearing the end of their investigation into the breach.
In an effort to assist those impacted, Change Healthcare is taking steps to mitigate the damage caused by the breach. “Change Healthcare is providing this notice now to help individuals understand what happened, let them know that their information may have been impacted, and give them information on steps they can take to protect their privacy, including enrolling in two years of complimentary credit monitoring and identity theft protection services if they believe that their information may have been impacted.” This move aims to provide a level of protection for individuals as they navigate the potential fallout from the breach.
The CHANGE HEALTHCARE data breach is a stark reminder of the vulnerabilities in the healthcare sector’s cybersecurity infrastructure. As personal and sensitive data continue to be prime targets for cybercriminals, it underscores the importance for organizations to strengthen their defenses and for individuals to stay vigilant about their personal information. The full extent of the impact remains to be seen, but CHANGE HEALTHCARE’s ongoing efforts to notify and assist affected individuals is a critical step in addressing the breach.
About the Author:
Timothy Powell is a nationally recognized expert on regulatory matters including the False Claims Act, Zone Program Integrity Contractor audits and OIG compliance. He is a member of the RACmonitor editorial board.
Contact the Author:
tpowell@tpowellcpa.com
When you hear about pixels, you might think of computer screens – the smaller the pixels, the better the image. Or you might think of
They say artificial intelligence (AI) will improve medicine. But how good is it? Recently, several independent studies tested the leading AI systems, including the PrIME-LLM
Please log in to your account to comment on this article.
Breast biopsy procedures may be clinically straightforward but accurately translating them into compliant billing can be anything but. In this focused webcast, Shawn Blackburn, CPC, CPMA, CIC, CRC, CCS-P breaks down how imaging guidance, lesion count, laterality, and payer expectations all impact how these procedures should be reported. Through clear explanations and real-world scenarios, you’ll gain practical insight into aligning clinical workflows with billing requirements, avoiding common pitfalls, and ensuring your documentation supports accurate reimbursement and compliance.
Gain clarity and confidence in OB‑GYN coding with this expert‑led webcast featuring Sherri L. Clayton, RHIT, CSS. You’ll learn how to apply global maternity package rules accurately, select the right CPT codes for procedures and visits, and identify documentation gaps that lead to denials. With practical guidance and real examples, this session helps you strengthen compliance, reduce audit risk, and ensure accurate reimbursement for women’s health services.
Uncover essential coding insights with nationally recognized coding authority Kay Piper, RHIA, CDIP, CCS. Through ICD10monitor’s interactive, on‑demand webcast series, Kay walks you through the AHA’s 2026 ICD‑10‑CM/PCS Quarterly Coding Clinics, translating each update into practical, easy‑to‑apply guidance designed to sharpen precision, ensure compliance, and strengthen day‑to‑day decision‑making. Available shortly after each official release.
Uncover critical guidance on the ICD-10-CM/PCS code updates. Kay Piper reviews and explains ICD-10-CM/PCS coding guidelines in the AHA’s fourth quarter 2026 ICD-10-CM/PCS Coding Clinic in an easy to access on-demand webcast.
Traditional utilization management models can no longer keep pace with regulatory shifts, payer scrutiny, and operational pressures. In this webcast, Tiffany Ferguson, LMSW, CMAC, ACM, ACPA-C, introduces an Adaptive Model strategy that modernizes UM through role specialization, technology-driven workflows, and proactive, team-based processes. Attendees will learn how to restructure programs to improve efficiency, strengthen clinical collaboration, and enhance financial performance in a rapidly changing healthcare environment.
Federal auditors are intensifying their focus on inpatient psychiatric facilities, using advanced data analytics to spotlight outliers and pursue high‑dollar repayments. In this high‑impact webcast, Michael Calahan, PA, MBA, Compliance Officer and V.P., Hospital & Physician Compliance, breaks down what regulators are really targeting in IPF-PPS admissions, documentation, treatment and discharge planning. Attendees will learn practical steps to tighten processes, avoid common audit triggers and protect reimbursement and reduce the risk of multimillion-dollar repayment demands.
In this timely session, Stacey Shillito, CDIP, CPMA, CCS, CCS-P, CPEDC, COPC, breaks down the complexities of Medical Decision Making (MDM) documentation so providers can confidently capture the true complexity of their care. Attendees will learn practical, efficient strategies to ensure documentation aligns with current E/M guidelines, supports accurate coding, and reduces audit risk, all without adding to charting time.
Join Ronald Hirsch, MD, FACP, CHCQM for The PEPPER Returns – Risk and Opportunity at Your Fingertips, a practical webcast that demystifies the PEPPER and shows you how to turn complex claims data into actionable insights. Dr. Hirsch will explain how to interpret key measures, identify compliance risks, uncover missed revenue opportunities, and understand new updates in the PEPPER, all to help your organization stay ahead of audits and use this powerful data proactively.
Celebrate Lab Week with MedLearn! Sign up to win one year of our Laboratory All Access Pass! Click here to learn more →
Have a Medicare regulation question you’d love Dr. Hirsch to answer? Now is your chance! CLICK HERE to learn more→
Happy National Doctor’s Day! Learn how to get a complimentary webcast on ‘Decoding Social Admissions’ as a token of our heartfelt appreciation! Click here to learn more →
CYBER WEEK IS HERE! Don’t miss your chance to get 20% off now until Dec. 1 with code CYBER25
CYBER WEEK IS HERE! Don’t miss your chance to get 20% off now until Dec. 2 with code CYBER24
