Gibbs Law Group Files Class Action Lawsuit on Behalf of Healthcare Providers Harmed by Change Healthcare Data Breach

Lawsuit Alleges Change Healthcare Failed to Adequately Secure Its Computer Networks, Compromising Critical Healthcare Systems Nationwide

On March 18, 2024, Gibbs Law Group filed a class action lawsuit against Change Healthcare Inc., Optum, Inc. and UnitedHealth Group Incorporated following a massive data breach that has disrupted critical infrastructure in the U.S. healthcare system since February 21, 2024. The lawsuit was filed on behalf of healthcare providers whose use of Change Healthcare’s services was disrupted due to the data breach and related shutdown of the Change Healthcare computer networks. Affected healthcare providers have been unable to get paid on claims for medical services they have provided since the breach occurred. The lawsuit charges Defendants with failing to maintain appropriate and reasonable cybersecurity measures to protect the critical healthcare infrastructure the companies oversee.

Healthcare providers who believe they were impacted by the Change Healthcare data breach should contact our legal team for a free case evaluation by calling 510-369-0259 or visiting our website: Change Healthcare Class Action Lawsuit.

Case Background

Change Healthcare is the largest healthcare payment processor in North America, according to the American Hospital Association (AHA), with 15 billion transactions processed each year that touch 1 in every 3 patient records. On February 21, 2024, a data breach at Change Healthcare resulted in hackers accessing confidential health and personal information of millions of consumers. The lawsuit alleges that the data breach exposed significant vulnerabilities in Change Healthcare’s computer systems, resulting in Defendants’ decision to shut down all of the affected computer networks.

Impact to Healthcare Providers

The data breach and resulting shutdown has crippled the healthcare industry, impacting doctors, pharmacies, patients and hospitals throughout the United States. Healthcare providers have been severely impacted, with many having difficulties verifying insurance for medical procedures or unable to submit claims for payment. The inability to submit claims for payments from insurers for patient visits or to receive payments has left many providers in dire straits and threatens their ability to pay basic operational expenses like medical supplies and payroll. It’s unknown how long Change Healthcare’s computer networks will be down and according to one estimate, the security incident is costing medical providers “over $100 million a day,” raising widespread fears that some medical providers may have problems staying afloat over the next two months and that others may have to close their doors.

Previous Concerns and Warnings

In 2021, the DOJ and AHA previously raised concerns about UnitedHealth Group’s acquisition of Change Healthcare and the consolidation of significant amounts of health data. The FBI has continuously issued warnings, including as early as 2014, that hackers specifically target the healthcare industry. Change Healthcare recently confirmed that ransomware group ALPHV, or Blackcat, a group known for healthcare company ransomware attacks, was responsible for the breach, according to the Associated Press. In the case of Change Healthcare, affiliates with Blackcat claim they still have the stolen data, although a $22 million ransom has already been allegedly paid.

“We are hearing from healthcare providers throughout the country who are distraught and concerned that they may not be able to buy medical supplies, make payroll, or pay rent as a result of this crippling disruption to the nation’s healthcare infrastructure,” said Rosemary Rivas, a lead data breach attorney with Gibbs Law Group. “Change Healthcare has touted itself as a ‘trusted partner’ to providers and payors, but the company’s failure to protect its networks and safeguard critical health information has resulted in widespread harms, and deeply eroded trust.”

About Gibbs Law Group

Gibbs Law Group is a nationwide leader in class action lawsuits seeking to holding companies accountable for large-scale data breaches. It has prosecuted some of the largest privacy cases throughout the country, and the firm’s attorneys have received numerous awards for their privacy and data breach work including “Cybersecurity & Privacy MVP,” “Top Cybersecurity and Privacy Attorneys Under 40,” and “Titans of the Plaintiffs Bar.”

The firm achieved a historic $1.5 billion settlement from Equifax in 2019, on behalf of 147 million consumers whose social security numbers and other private data were exposed in a breach. Described by the court as “the largest and most comprehensive recovery in a data breach in U.S. history by several orders of magnitude,” the settlement also required Equifax to spend over $1 billion in data security technology and to make comprehensive security reforms. Previously, the firm negotiated a $115 million settlement in the Anthem data breach, the largest data breach settlement at the time, after approximately 80 million personal records were compromised in a massive data breach of the health insurance giant.

View source version on businesswire.com: https://www.businesswire.com/news/home/20240319440890/en/