Is the Change Healthcare letter I received in the mail a scam? Here's what to know
Have you recently received a letter in the mail alerting you to a Change Healthcare data breach and are wonder if it's a scam? The short answer: it's the real deal. But now, what should you do? According to Change Healthcare, letters notifying business customers of the breach started being sent out back in June but some people have been receiving them as recently as September and October.
Here's what to know.
What is the United Health, Change Healthcare cyberattack?
The cyberattack began on Feb. 21 against Change Healthcare, which is a health care technology company that is part of Optum and owned by UnitedHealth Group, according to the American Hospital Association.
The company processes 15 billion health care transactions annually, which include a range of services that directly affect patient care, including eligibility verifications and pharmacy operations, as well as claims transmittals and payment. All of these have been disrupted to varying degrees, the hospital trade group noted in a statement.
It remains unclear how many hospitals have been impacted, but trade groups have asserted Change Healthcare transactions touch one in every three patient records.
And while the affected data is not the same for everyone involved, according to Change Healthcare, information involved in the breach includes:
- Contact information, such as name, address, date of birth, phone number and email
- Health insurance data, such as health plans/policies, insurance companies, member/group ID numbers and Medicaid-Medicare-government payor ID numbers
- Health data, such as medical record numbers, doctors, diagnoses, medicines, test results, images, care and treatment
- Billing, insurance claims and payment data, such as claim numbers, account numbers, billing codes, payment cards, financial and banking and balance
- Other personal data, such as Social Security numbers, driver's license or state ID numbers or other ID numbers
What to do if you think you've been affected by a data breach
Here's are some tips from the Federal Trade Commission if you think you've been affected by a data breach, including the one involving Change Healthcare:
- Get free credit reports from annualcreditreport.com and check for any accounts or charges you don't recognize.
- Consider placing a free credit freeze or fraud alert to further protect yourself from people trying to open new accounts in your name.
- Change usernames and passwords that may have been compromised.
- Take advantage of free credit monitoring if it's offered by the company responsible for exposing your information.
In this case, Change Healthcare is offering free online credit monitoring and identity restoration services through IDX for two years, which consumers should take advantage of.
However, the state's Division of Consumer Protection also recommends consumers ask additional questions and become informed before agreeing to any service and should consider placing a fraud alert or security freeze on their credit as an added protective measure.
New York State Team health reporter David Robinson contributed reporting.
Emily Barnes reports on consumer-related issues for the Paste BN Network’s New York Connect Team, focusing on scam and recall-related topics. Follow her on Twitter and Instagram @byemilybarnes. Get in touch at ebarnes@gannett.com.