Change Healthcare is starting to notify hospitals, insurers and other customers that they may have had patient information exposed in a massive cyberattack.
The company also said Thursday that it expects to begin notifying individuals or patients in late July.
Change Healthcare, a subsidiary of health care giant UnitedHealth Group, provides technology used to submit and process billions of insurance claims a year. Hackers gained access in February to its system and unleashed a ransomware attack that encrypted and froze large parts of it.
The attack triggered a disruption of payment and claims processing around the country, stressing doctor’s offices and health care systems by interfering with their ability to file claims and get paid.
Change says names, addresses, health insurance information and personal information like Social Security numbers may have been exposed in the attack. The company is still investigating.
It said Thursday that it has reviewed more than 90% of impacted files and has seen no signs that doctors’ charts or full medical histories were taken.
After the attack, UnitedHealth paid a $22 million ransom in bitcoin, CEO Andrew Witty has said.
Witty said during Congressional hearings last month that all of the company’s core systems, including claims payment and pharmacy processing, were functional.
The company has been offering to pay for two years of credit monitoring and identity theft protection for people worried that their information may have been exposed in the attack.
Related: Change Healthcare Cyberattack Was Due to a Lack of Multifactor Authentication, CEO says
Related: US Offering $10 Million Reward for Information on Change Healthcare Hackers
Related: Cyber Insights 2024: Ransomware
