Was Change Healthcare hacked?

Yes. The Change Healthcare breach occurred on February 21, 2024, affecting 100 million records.

What data was exposed in the Change Healthcare breach?

The 2024 Change Healthcare breach exposed health data of over 100 million Americans. Learn what was stolen and how to protect yourself.

What should I do if I was affected by the Change Healthcare data breach?

Check if your data was exposed using our free tool, change your passwords, enable two-factor authentication, and monitor your accounts for suspicious activity.

Change Healthcare Data Breach

Critical Severity 100 million records affected Published February 10, 2026

Company	Change Healthcare
Breach Date	February 21, 2024
Disclosure Date	October 22, 2024
Records Affected	100 million

The Change Healthcare ransomware attack in February 2024 was one of the largest healthcare data breaches in U.S. history, affecting over 100 million individuals. The attack disrupted healthcare operations across the country for weeks and exposed highly sensitive medical and financial data.

What Happened

On February 21, 2024, the ALPHV/BlackCat ransomware group infiltrated Change Healthcare's systems using stolen credentials for a Citrix remote access portal that lacked multi-factor authentication. Change Healthcare, a subsidiary of UnitedHealth Group, processes approximately 15 billion healthcare transactions annually. The attack caused widespread disruption to pharmacies, hospitals, and healthcare providers across the United States. UnitedHealth Group reportedly paid a $22 million ransom to the attackers. A second extortion attempt followed from a group called RansomHub, which claimed to have the stolen data.

What Data Was Exposed

Health insurance member IDs and policy details
Medical diagnoses and treatment information
Medical record numbers
Social Security numbers
Billing and claims information
Payment card and banking details
Personal information (names, addresses, dates of birth, phone numbers)

Who Is Affected

Over 100 million Americans were affected, making it the largest healthcare breach ever reported to the HHS Office for Civil Rights. Anyone who received healthcare services through providers using Change Healthcare's payment processing and claims management systems may be impacted.

How to Check If You Were Affected

Change Healthcare set up a dedicated support website and call center for affected individuals. Visit changehealthcaresupport.com or call their support line. UnitedHealth Group began sending notification letters to affected individuals starting in late 2024. Contact your healthcare provider to ask if they use Change Healthcare for claims processing.

What You Should Do Now

Enroll in the free credit monitoring and identity protection offered by Change Healthcare
Place a credit freeze with Equifax, Experian, and TransUnion
Monitor your Explanation of Benefits statements for unfamiliar medical services
Request your medical records to check for unauthorized entries
File a complaint with HHS if you believe your health data was misused
Be alert for medical identity theft and fraudulent insurance claims
Consider placing a fraud alert on your credit file

Last updated: February 10, 2026