Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Change Healthcare, a UnitedHealth-owned healthtech company More than 100 million people lost sensitive health information In a ransomware attack last year, the company said on Tuesday that it had “substantially completed” notifying victims of the massive data breach.
A February 2024 ransomware attack on Change Healthcare, one of the largest processors of patient billing in the US, resulted in months of outages that disrupted care across the US healthcare system. Data was also broken The biggest theft of medical information in US history. Change Healthcare has paid the ransom to hackers with intent Prevent them from further disclosure of the stolen data, and in return, obtained a copy of the stolen data to begin informing those whose information was taken
An update on that Notice of data breach on its website On Tuesday, Change Healthcare said it had “notified its affected customers” for whom the company had a postal address on file. The healthcare giant said it “may not have sufficient addresses for potentially affected individuals” and that the website notification was “to provide information to customers and individuals about criminal cyberattacks.”
But if you search the web for a Change Healthcare data breach notification, you’re unlikely to find the webpage in search engine results.
TechCrunch’s review of the source code of the infringement notice web page reveals that the change includes hidden “noindex” code in the healthcare notice, which tells search engines to ignore the web page, making it more difficult for anyone searching the web for the notice to find it in a search. Results Change Healthcare included the code “noindex” in its data breach notices At least by November 20, 2024.
It is not clear why Change Healthcare has hidden the page from search engines. UnitedHealth spokesman Tyler Mason did not comment on why Change Healthcare included the code to hide the data breach notice. When asked, the spokesperson was unable to provide a specific number of individuals that Change Healthcare notified of the breach beyond the estimated 100 million numbers shared with the US government’s Department of Health in October 2024.
A spokeswoman for the Department of Health and Human Services’ Office of Civil Rights, which oversees federal investigations into data breaches involving protected health information, did not respond to a request for comment.
Change Healthcare has been criticized for being slow to notify those affected by the breach — the company began doing so four months after receiving a copy of the stolen files. Delays in public disclosure have resulted in several states including the United States California, Massachusetts, Nebraska And New HampshireIntervening after a data breach by informing residents to beware of identity theft and fraud.
In December 2024, Nebraska has brought legal action against Change Health Care For a string of security failures which led to the breach. The state’s attorney general, Mike Hilgers, said the lack of adequate notice of the health care change to affected individuals made state citizens “more vulnerable to the exploitation of sensitive personal financial, health and identification information.”
