Change Healthcare Class Action Lawsuit Filed Over Repercussions from Data Breach

In addition to patients who had private information compromised, medical providers indicate they are now struggling with finances due to an inability to access Change Healthcare's claims system, according to the lawsuit.

An Oklahoma medical provider has filed a class action lawsuit over a recent data breach at Change Healthcare, which suffered a ransomware attack earlier this year after hackers gained access to medical records and other information held by the company.

The complaint (PDF) was filed by Metro Tulsa Foot and Ankle Specialists, P.L.L.C. last month in the U.S. District Court for the Western District of Oklahoma, indicating that the Change Healthcare data breach not only impacted patients whose private information was released, but has also disrupted the operations of healthcare providers that rely on the technology company, which processes payments, billing, prescription and medical records.

Change Healthcare, Inc. is a part of Optum, inc. and UnitedHealth Group Inc., which were also named as defendants in the lawsuit, claiming that medical records for one out of every three American patients needs to pass through Change’s digital systems.

In February 2024, Change Healthcare announced that it had been hit by a ransomware attack by a Russian group known as Blackcat, which blackmailed the company into paying $22 million in bitcoins to be able to re-access its own customer data.

However, the Change Healthcare data breach gave the hackers access to millions of customers’ private medical records, and the company’s response has caused difficulties for medical providers accessing its systems, which has negatively affected those hospitals, clinics and healthcare professionals relying on the company.

Patients impacted are just now starting to receive notice about the release of their medical records and a growing number of Change Healthcare lawsuits have been filed in recent months. However, the Oklahoma medical provider indicates that the victims of the hack extend beyond patients, with repercussions throughout the healthcare system.

Change Healthcare Lawsuit

Were you impacted by the Change Healthcare data breach?

Lawyers are reviewing potential claims for individuals whose private medical information and other personal details were compromised in a data breach at Change Healthcare.

Learn More SEE IF YOU QUALIFY FOR COMPENSATION

“In response to the attack, Change disconnected its affected systems, hamstringing providers and disrupting key operations, such as pharmacy orders, as providers have not been able to communicate pharmacy prescriptions and pharmacies have been unable to verify patient eligibility and coverage,” according to the class action lawsuit brought on behalf of healthcare providers. “However, the repercussions of the data breach extend beyond patients to healthcare providers like the Plaintiff, whose operations rely on Change’s services for claims processing.”

Months after the Change Healthcare data breach, medical providers report they are still having difficulty processing data through the company’s systems, putting them at risk of additional expenses, financial problems and potential closure.

The lawsuit seeks class action status to pursue damages on behalf of all providers affected by the loss of access, blaming Change for failing to detect, prevent, and adequately warn its customers about the data breach.

“Change neglected to implement adequate security measures,” according to the complaint. “The system weakness exploited by Blackcat hackers was easily identifiable and curable. Change’s failure to take the required steps to prevent the attack resulted in significant financial losses and operational disruptions for healthcare providers.”

Recent Data Breaches Have Affected Millions in 2024

Data breach events can include a variety of security failures in which hackers gain access to sensitive information held by companies, ranging from customer login credentials, contact information and credit card data, to more sensitive details like social security numbers or bank account data. Often this compromised information is then sold for nefarious purposes on the Dark Web.

These events can lead to devastating consequences for those affected, exposing individuals to an increased risk of identity theft and financial fraud, as well as fear, stress, anxiety and other consequential damages resulting from the need to freeze their credit, employ identity monitoring services, and take other drastic measures to protect their financial security.

According to a recent report by the Identify Theft Resource Center, there was a 490% increase in individual data breach victims between January and June of this year, when compared with the same timeframe in 2023.

Most of those impacted this year were part of a massive Ticketmaster data breach, which is believed to have exposed 560 million customers to an increased risk of identity theft and financial fraud when hackers were able to gain access to a cloud-based storage system operated by Snowflake.

Following the spike in cybersecurity victims this year, a growing number of Ticketmaster data breach lawsuits and other legal actions are now being pursued against companies responsible for allowing hackers to access customers’ personal identifying information.

Image Credit: Phanphen Kaewwannarat

Find Out If You Qualify For a Change Healthcare Breach Settlement

2 Comments

  • DonnaSeptember 30, 2024 at 10:04 am

    Why it take so long for the company to say the hackers had got my business.

  • KevinSeptember 20, 2024 at 1:00 pm

    We were covered under united healthcare in Rhode Island and we did received mailed notification about the privacy breach along with many others. Our coverage of insurance with united healthcare was from May 2023 to April 2024. In July of 2024 we were billed for lab work that was done in March of the same year. It seemed unusual to receive such late bills for lab work that was done 4 months prior[Show More]We were covered under united healthcare in Rhode Island and we did received mailed notification about the privacy breach along with many others. Our coverage of insurance with united healthcare was from May 2023 to April 2024. In July of 2024 we were billed for lab work that was done in March of the same year. It seemed unusual to receive such late bills for lab work that was done 4 months prior. It may not have anything to do with the pending lawsuit but it did strike me as unusual.

Share Your Comments

I authorize the above comments be posted on this page*

Want your comments reviewed by a lawyer?

To have an attorney review your comments and contact you about a potential case, provide your contact information below. This will not be published.

NOTE: Providing information for review by an attorney does not form an attorney-client relationship.

This field is for validation purposes and should be left unchanged.

More Top Stories

Depo-Provera Brain Tumor Warnings Added to Drug Label in Europe, But Not In U.S.
Depo-Provera Brain Tumor Warnings Added to Drug Label in Europe, But Not In U.S. (Posted today)

A recently filed Depo-Provera lawsuit questions why Pfizer updated the drug label in Europe, to warn about the risk of meningioma brain tumors, but failed to provide the same Depo-Provera warnings to U.S. consumers and doctors.

Hair Relaxer Lawsuit Status Conference To Be Held With MDL Judge This Week
Hair Relaxer Lawsuit Status Conference To Be Held With MDL Judge This Week (Posted 2 days ago)

U.S. District Judge presiding over all federal hair relaxer lawsuits will meet with lawyers involved in the litigation on Thursday, to discuss the status of the claims and when to move forward with bellwether cases.