Fallout continues for one of the nation's largest health insurers after an unprecedented data breach. And now, the Massachusetts Attorney General’s Office wants consumers to act.
Change Healthcare, which is part of UnitedHealth, was hit with a cyberattack late February that interrupted thousands of doctor's offices, hospitals, and pharmacies. According to the company, the breach reportedly led to victims' personal and health information being leaked to the dark web.
STAY IN THE KNOW
 |
Watch NBC10 Boston news for free, 24/7, wherever you are. |
 |
Get Boston local news, weather forecasts, lifestyle and entertainment stories to your inbox. Sign up for NBC Boston’s newsletters. |
UnitedHealth’s CEO, Andrew Witty, told Congress during a Senate committee hearing in May that it would likely take “several months” before they would be able to identify and notify those impacted by the hack. He said an estimated one-third of Americans could have been compromised in the data breach.
Jack Danahy is the vice president of strategy and innovation at NuHarbor Security.
Get top local stories in Boston delivered to you every morning. Sign up for NBC Boston's News Headlines newsletter.
“It was, a very, very large, widespread, attack that covered millions and millions of people's information.”
The Massachusetts Attorney General's office said Change Healthcare has yet to provide any letters or emails to consumers impacted.
“If you think about the information that was stolen, people who take advantage of the stolen information could now make false claims,” said Danahy. “They have enough information that they can actually presume upon the billing agencies right to commit fraud to get health care services. Now that data becomes part of my health care record.”
Local
In-depth news coverage of the Greater Boston Area.
The AG’s office is sharing the resources Change Healthcare is offering to all Massachusetts residents who believe they may have been impacted.
This includes free credit monitoring and identity theft protections for two years. The company says it is still trying to work through a data review to identify affected individuals. And can’t yet provide consumers with details about whether their data was impacted.
“I recommend that people look to their health care insurers and look at the reporting to make sure that they're not seeing bills that they didn't incur, recommendations from doctors that they didn't ask for, feedback from the system that would indicate that maybe somebody is taking advantage of this private information to get services underneath their medical records,” explained Danahy.
According to a statement on Change Healthcare’s website, the company says: “UnitedHealth group continues to make progress in mitigating the impact to consumers and care providers of the unprecedented cyberattack on the U.S. health system and the change healthcare services, while continuing to expand financial assistance to affected providers.”
Consumers should also watch out for these warning signs that someone might be using their medical information:
- Receiving a bill from your doctor for services not received.
- Getting a call from a debt collector about medical debt you do not owe.
- A notice from your health insurance company about reaching your benefit limit.
- Or being denied insurance coverage because medical records show a pre-existing condition you do not have.
Consumers can also consider freezing their credit. This will prevent anyone from taking out new loans or credit cards in their names.
To enroll in the free credit monitoring and identity protection services, you can visit Change Healthcare’s webpage.
