Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Change Healthcare, UnitedHealth’s health care company lost the health information of more than 100 million people of last year’s ransomware attack, it said on Tuesday that the company had “finished” notifying victims of the massive data breach.
The February 2024 ransomware attack on Change Healthcare, one of the largest patient payment systems in the United States, led to months of disruption to US healthcare. The data breach was again the largest known theft of medical data in US history. Change Healthcare paid the hackers a ransom for the purpose of prevent them from republishing about the stolen data, and in exchange, they got a copy of the stolen data to start informing the people whose information was taken.
In his changes notice of data breach on its website On Tuesday, Change Healthcare said it has “notified its affected customers” whose addresses the company has on file. The healthcare giant said it “may not have enough addresses for all the people affected,” and that the information on the site was “to provide customers and the public with information about cyberattacks.”
But if you search the Internet for information about the Change Healthcare data breach, you won’t find the site in the search results.
TechCrunch’s review of the website’s website breach notification shows Change Healthcare included a hidden “noindex” code in the notification, which tells search engines to ignore the website, making it difficult for anyone searching the web to find the information. results. Change Healthcare has included the code “noindex” in its data breach notification ever since no later than November 20, 2024.
It is unclear why Change Healthcare has hidden the site from search engines. UnitedHealth spokesman Tyler Mason did not say why Change Healthcare included the code to hide the data breach notification. When asked, the spokesperson could not provide the number of people Change Healthcare notified of its breach beyond the number of approximately 100 million people it shared with the US Department of Health in October 2024.
A spokeswoman for the Department of Health and Human Services’ Office of Human Rights, which oversees federal investigations into data breaches involving protected information, did not respond to a request for comment on the matter.
Change Healthcare has been criticized for its delay in notifying those affected by the breach – the company only started doing so four months after receiving a copy of the stolen files. The delay in public disclosure caused several US states, including California, Massachusetts, Nebraska and New Hampshireto intervene by informing residents to be vigilant against identity theft and fraud following a data breach.
In December 2024, Nebraska brought lawsuits against Change Healthcare due to several security failures that led to the breach. The state’s attorney general, Mike Hilgers, said Change Healthcare’s lack of adequate information for affected individuals has left the state’s citizens “at risk of financial, health and informational harm.”
