Announcement Comes after Change Healthcare Cyberattack
New York Attorney General Letitia James issued a consumer alert to raise awareness about free credit monitoring and identity theft protection services available for millions of consumers impacted by the Change Healthcare data breach.
In February, Change Healthcare, which operates the nation’s largest electronic health care payment system, experienced a cyberattack that exposed the personal information of millions of patients, including millions of New Yorkers. After the cyberattack, James urged UnitedHealth Group. Inc., Change Healthcare’s parent company, to bolster its efforts to protect providers, pharmacies, and patients harmed by the breach. Now, Change Healthcare is offering all New York residents free credit monitoring and identity theft protections for two years to safeguard their personal information.
“The disastrous cyberattack on Change Healthcare leaked the personal information of millions of Americans and made them vulnerable to bad actors,” James said. “While UnitedHealth and its subsidiary work to address the fallout from the cyberattack, I urge everyone who believes their information may have been compromised to use the free credit monitoring and identity theft protection services to protect themselves. Companies should not treat strong data security as an afterthought; it is necessary to protect New Yorkers from fraud and my office will continue to ensure companies take this responsibility seriously.”
The cyberattack on Change Healthcare interrupted health care services at thousands of doctors’ offices, hospitals, and pharmacies and leaked Americans’ sensitive health and personal data onto the dark web, a hidden portion of the Internet where cyber criminals can buy, sell, and track personal information. Change Healthcare estimates that the data breach could impact up to one-third of all Americans.
Consumers should be aware of potential warning signs that someone is using their medical information. These signs include bills for medical services they did not receive, errors in their Explanation of Benefits statement, such as charges for services never received or prescriptions not taken, calls from debt collectors about medical debts they do not owe, medical debt collection notices on their credit report that they do not recognize, notices from their health insurance company about reaching benefit limits, and denials of insurance coverage due to inaccurate pre-existing conditions.
Those who are affected but do not wish to use Change Healthcare’s services can freeze their credit by calling all three credit bureaus: Experian, Equifax, and TransUnion. This will prevent banks or lenders from accessing consumers’ credit reports and stop identity thieves from taking out new loans or credit cards in consumers; names because creditors will not approve their loans or credit requests if they cannot first access their credit reports. By law, a credit bureau must allow consumers to place, temporarily lift, or remove a credit freeze for free.
Once they freeze their credit, the bureaus will send them a personal identification number (PIN) to unfreeze their credit if they want to apply for a loan or credit card then use the PIN again to freeze their credit after applying.
Consumers should call all three credit bureaus — Experian, Equifax, and TransUnion —
to freeze their credit.
● You can place a credit freeze with Experian online or by calling +1 (888) 397- 3742.
● You can place a credit freeze with Equifax online or by calling +1 (888) 766-0008.
● You can place a credit freeze with TransUnion online or by calling +1 (800) 680- 7289.
Consumers can report concerns related to the cyberattack to the OAG by calling 1-800-771-7755 or filing a complaint online