Washington State University

17/07/2024 | News release | Distributed by Public on 17/07/2024 22:26

Cyberattack against third-party vendor may affect some WSU students

PULLMAN, Wash. - Washington State University has learned that some students and other individuals who've used the Cougar Health Services Pharmacy ("CHS") on the Pullman campus may have had their personal health information exposed in a recent cyber-attack against a third-party service provider.

Change Healthcare, which processes insurance claims for healthcare organizations nationwide including CHS, provided substitute notice to WSU on June 20 that personally identifiable health information from CHS Pharmacy users may have been exposed in the data breach.

This media advisory is being sent in compliance with Washington state law.

WSU has established a website with information and resources for those potentially affected.

On Feb. 21, 2024, Change Healthcare became aware of deployment of ransomware in its computer system. Once discovered, Change Healthcare quickly took steps to stop the activity, disconnected and turned off systems to prevent further impact, began an investigation, and contacted law enforcement.

Change Healthcare reports it retained cybersecurity and data analysis experts to assist in the investigation, which began on Feb. 21, 2024. On March 7, 2024, Change Healthcare was able to confirm that a substantial quantity of data had been exfiltrated from its environment between Feb. 17, 2024, and Feb. 20, 2024. On April 22, 2024, Change Healthcare publicly confirmed the impacted data could cover a substantial proportion of people in America.

Change Healthcare is unable to confirm exactly what patient data was exposed. However, the data that may have been accessed by unauthorized parities includes a range of patient information:

  • Contact information, such as first and last names, addresses, dates of birth, phone numbers, and email addresses
  • Health insurance information, such as primary, secondary or other health plans/policies, insurance companies, member/group ID numbers, and Medicaid-Medicare-government payor ID numbers
  • Health information, such as medical record numbers, providers, diagnoses, medicines, test results, images, care and treatment records
  • Billing, claims and payment information, such as claim numbers, account numbers, billing codes, payment cards, financial and banking information, payments made, and balances due
  • Other personal information such as Social Security numbers, driver's licenses or state ID numbers, or passport numbers.

WSU Pullman students and other CHS Pharmacy users who are concerned they have been impacted can enroll in two years of complimentary credit monitoring and identity protection services by visiting the Change Healthcare notice of data breach website.

CHS Pharmacy users should also regularly monitor their explanation of benefits statements for unusual activity and contact their health plan or health care provider if they notice any discrepancies. If CHS Pharmacy users notice suspicious activity on tax returns, bank or credit card statements, they should contact their financial institution or credit card company. If an individual believes they are the victim of a crime, they are advised to contact local law enforcement and file a police report.

If you have any questions for WSU CHS Pharmacy regarding this incident please contact Joseph Santos, quality assurance & compliance coordinator, Cougar Health Services, at [email protected]. The above Change Healthcare link provides contact information for Change Healthcare.

Affected CHS Pharmacy users may also obtain a free copy of their credit report from each of the three major credit reporting agencies once every 12 months by visiting http://www.annualcreditreport.com/, calling toll-free 1-877-322-8228, or by completing an Annual Credit Report Request Form and mailing it to Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348. You also can contact one of the following three national credit reporting agencies: