Question: In March there was news about a health care data breach that affected millions in the U.S. I’m sure I was affected because I couldn’t fill a prescription; the drugstore said it was because of the hack. However, I never got a notification letter, as I have in other cases. Will I ever be told what health information of mine was accessed?
Answer: You are referring to the ransomware cyberattack in February on Change Healthcare, an electronic payment network that handles 1 in 3 U.S. patient records, connecting with insurance companies, hospitals, pharmacies, doctor and dental offices, and other medical facilities.
Change Healthcare, a subsidiary of UnitedHealth Group, has a patient-oriented website about the aftermath of this breach, which says the company expects to begin notifying affected people later this month but that you don’t need to wait for a letter — you can sign up now for free credit monitoring and take other steps to secure financial accounts and be alert for identity theft, Medicare fraud and other crimes. Read full details at changecybersupport.com. Here are key points, for you and anyone else who may have been affected:
>> Impact: Patient and member information that may have been accessed includes contact information (such as first and last name, address, date of birth, phone number and email) and one or more of the following: health insurance information (such as primary, secondary or other health plans/policies, insurance companies, member/group ID numbers and Medicaid- Medicare-government payor ID numbers); health information (such as medical record numbers, providers, diagnoses, medicines, test results, images, care and treatment); billing, claims and payment information (such as claim numbers, account numbers, billing codes, payment cards, financial and banking information, payments made and balance due); and/or other personal information such as Social Security numbers, driver’s licenses or state ID numbers, or passport numbers. Change Healthcare says it cannot confirm exactly what data was accessed for each person and that the type of information involved is not the same for every person affected.
>> Action: Anyone who believes their information was accessed can sign up for two years of credit monitoring and identity protection service by IDX, paid for by Change Healthcare. Enroll through a link at changecybersupport.com or by calling 888-846-4705. You don’t have to wait for official notification to sign up.
Consumers also are urged to review benefit statements and bills from health plan and health care providers, as well as other financial documents, for unfamiliar activity. Alert the respective provider or institution of any discrepancy, and file a police report if identity theft or a financial crime has occurred. As in any hack, consider freezing your credit, or at least setting a fraud alert on your credit report.
>> Notification: Change Healthcare says it plans to send letters to many affected people after it concludes its data review. Mailings are expected to begin in late July. However, Change Healthcare says it might not have “sufficient addresses” for all affected people. As mentioned, official notification is not needed to sign up for the free credit monitoring.
>> Other help: Change Healthcare has set up a call center at 866-262-5342. Staff won’t be able to tell a person exactly what of their data was stolen, but can answer general questions, help people sign up for the free credit monitoring and provide emotional support.
Auwe
A dog owner in Ahuimanu did the responsible thing by picking up his/her dog’s mess while walking. But why dump it in my blue bin, which had just been emptied? Take it home and put it in your bin. Now your stinky mess will be in my blue bin until the next time I put it out for collection, which could be in four, five or six weeks. — Gary
Write to Kokua Line at Honolulu Star-Advertiser, 500 Ala Moana Blvd., Suite 7-500, Honolulu, HI 96813; call 808-529-4773; or email kokualine@staradvertiser.com.
