Nevada Attorney General Aaron D. Ford announced that his Bureau of Consumer Protection is sharing consumer protection reminders and raising awareness about the availability of free credit monitoring and identity theft protection services following Change Healthcare’s February data breach.
Change Healthcare, a unit of UnitedHealth, is the nation’s largest electronic data clearinghouse. Its technological infrastructure is used by tens of thousands of providers, pharmacies, and insurers to verify insurance, confirm pre-authorization of procedures or services, exchange insurance claim data, and perform other administrative tasks essential to healthcare delivery.
The February cyberattack interrupted operations for thousands of doctors’ offices, hospitals, and pharmacies. It also resulted in Americans’ sensitive health and personal data being leaked onto the dark web—a hidden portion of the Internet where cybercriminals buy, sell, and track personal information. The actual number and identity of affected patients are currently unknown.
Change Healthcare has publicly stated that the data breach could impact up to one-third of all Americans. Typically, when there is a data breach impacting Nevada residents, consumers receive an individualized letter or email if their data was impacted. However, Change Healthcare has not yet provided individual notice to consumers. Given the delay between the data breach and notification to those impacted, AG Ford is publicizing not just the breach but also resources offered by Change Healthcare.
“Protecting identity and credit is not only a personal responsibility but also an obligation of companies who utilize such consumer information,” said AG Ford. “Impacted Nevadans have an opportunity to implement additional safeguards and take advantage of complimentary services offered by Change Healthcare. Anyone who is concerned about the status of their credit should take steps to ensure it is protected.”
Change Healthcare is offering all Nevada residents who believe they may have been impacted free credit monitoring and identity theft protections for two years. The dedicated website and call center will not be able to provide individuals with details about whether their data was impacted but can guide them through getting set up for these protections. Since Change Healthcare has not yet provided notice to individuals and the impact is significant, AG Ford suggests everyone assume their information has been involved.
For more information visit changecybersupport.com.
To enroll in credit monitoring through IDX use the link at changecybersupport.com or call 1-888-846-4705.
For additional support from Change Healthcare call 1-866-262-5342.
Consumers should be aware of potential warning signs that someone is using their medical information:
A bill from their doctor for services they did not receive;
Errors in their Explanation of Benefits statement like services they never received or prescription medications they do not take;
A call from a debt collector about a medical debt they do not owe;
Medical debt collection notices on their credit report that they do not recognize;
A notice from their health insurance company indicating they have reached their benefit limit; or
They are denied insurance coverage because their medical records show a pre-existing condition they do not have.
If consumers are concerned that their data may have been impacted but prefer not to use the free resources provided by Change Healthcare, they can also consider freezing their credit. A credit freeze prevents creditors—such as banks or lenders—from accessing individuals' credit reports. This will stop identity thieves from taking out new loans or credit cards in consumers' names because creditors will not approve loans or credit requests without first accessing these reports.
By law, a credit bureau must allow you to place, temporarily lift, or remove a credit freeze for free. When consumers freeze their credit with each bureau—Experian (+1 888 397-3742), Equifax (+1 888 766-0008), TransUnion (+1 800 680-7289)—the bureaus will send them a personal identification number (PIN). Consumers can then use this PIN to unfreeze their credit if needed.
Cyberattacks in the healthcare sector have increased in both frequency and severity in recent years. Data breaches involving PHI are required to be reported to the U.S. Department of Health & Human Services - Office for Civil Rights (hhs.gov) by HIPAA-covered entities. Since this year began, nearly 38 million individuals' PHI has been impacted according to this portal.
Joining AG Ford in sharing these consumer protection resources is a bipartisan group of attorneys general from across the country.
###