OAKLAND, Calif.--(BUSINESS WIRE)--On March 12, 2024, Gibbs Law Group filed a class action lawsuit against Change Healthcare Inc. following a massive data breach impacting the single largest healthcare payment processor in North America. The lawsuit, filed on behalf of consumers, charges Change Healthcare with failing to take reasonable security measures to protect the confidential health and personal information of millions of Americans following what is being seen as the most significant data breach impacting the US healthcare system.
Consumers, patients, and healthcare providers who believe they were impacted by the Change Healthcare data breach should contact our legal team for a free case evaluation by calling 510-369-0259 or visiting our website: Change Healthcare Class Action Lawsuit.
Case Background
Change Healthcare is the largest healthcare payment processor in North America, according to the American Hospital Association (AHA), with 15 billion transactions processed each year that touch 1 in every 3 patient records. On February 21, 2024, a data breach at Change Healthcare resulted in hackers accessing confidential health and personal information of millions of consumers.
Widespread Impact
The impact of the data breach and resulting decision to disable critical healthcare processing systems has crippled the healthcare industry, impacting patients, doctors, pharmacies, and hospitals throughout the United States. Some patients have been unable to access medicine they critically need or have been forced to pay for expensive medications out of pocket. Healthcare providers have also been harmed from the cyberattack and have reported being unable to verify insurance for medical procedures and unable to receive reimbursement for medical claims. It’s unknown how long Change Healthcare’s systems will be down and according to one estimate, the security incident is costing medical providers “over $100 million a day,” raising fears that some medical providers may have problems staying afloat over the next two months and others may shut down.
Previous Concerns and Warnings
In 2021, the DOJ and AHA previously raised concerns about UnitedHealth Group’s acquisition of Change Healthcare and the access to significant amounts of health data. The FBI has continuously issued warnings, including as early as 2014, that hackers specifically target the healthcare industry. Change Healthcare recently confirmed that ransomware group ALPHV, or Blackcat, a group known for healthcare company ransomware attacks, was responsible for the breach, according to the Associated Press. Groups like Blackcat typically first scramble an organization’s data with file-encrypting malware and then steal a copy for themselves that they threaten to publish if a ransom is not paid. In the case of Change Healthcare, affiliates with Blackcat claim they still have the stolen data although a $22 million ransom has already been allegedly paid.
"There is no excuse for companies this large and profitable to allow something so devastating to happen,” said Rosemary Rivas, a lead data breach attorney with Gibbs Law Group. “Millions of Americans had no choice but to trust Change Healthcare and UnitedHealth with their personal health information, and it should have been ensuring reasonable security.”
About Gibbs Law Group
Gibbs Law Group is a nationwide leader in class action lawsuits seeking to holding companies accountable for large-scale data breaches. It has prosecuted some of the largest privacy cases throughout the country, and the firm’s attorneys have received numerous awards for their privacy and data breach work including “Cybersecurity & Privacy MVP,” “Top Cybersecurity and Privacy Attorneys Under 40,” and “Titans of the Plaintiffs Bar.”
The firm achieved a historic $1.5 billion settlement from Equifax in 2019, on behalf of 147 million consumers whose social security numbers and other private data were exposed in a breach. Described by the court as “the largest and most comprehensive recovery in a data breach in U.S. history by several orders of magnitude,” the settlement also required Equifax to spend over $1 billion in data security technology and to make comprehensive security reforms. Previously, the firm negotiated a $115 million settlement in the Anthem data breach, the largest data breach settlement at the time, after approximately 80 million personal records were compromised in a massive data breach of the health insurance giant.