Change Healthcare notifies customers of its data breach

VIVA contracts with Change Healthcare to provide certain electronic services on its behalf.As part of an ongoing investigation into the February 2024 ransomware attack and data breach at UnitedHealth Group's Change Healthcare - an attack that affected healthcare entities nationwide - VIVA Health has been notified that approximately 22,000 of its customers' data was involved in the breach.

VIVA contracts with Change Healthcare to provide certain electronic services on its behalf including billing and payment processing. Change Healthcare also prints and mails various customer documents on VIVA's behalf.

Given the scope of the data breach, which Change Healthcare has reported is likely to affect a substantial portion of the people in the United States, Change Healthcare has spent the months since the security incident conducting a forensic investigation of the data potentially affected and has only recently been able to begin providing its customers with the names of affected individuals.

After learning of the breach from Change Healthcare earlier this year, VIVA promptly took steps to safeguard customer data during the forensic investigation. Change Healthcare has begun notifying customers about the ransomware breach and VIVA customers have been or are in the process of being notified. The notice letters from Change Healthcare will provide information on the data breach, the types of data potentially involved and resources for individuals to protect themselves, including directions for signing up for two years of free identity protection and credit monitoring.

Change Healthcare's investigation into the incident continues and may identify additional VIVA customers involved in the breach. If so, those customers will also receive a notice letter from Change Healthcare.

While Change Healthcare has been unable to provide VIVA with the exact data involved for each affected individual, it is common for demographic information - first/last name, address, phone number, date of birth, health plan ID number and in rare cases social security number - to be targeted in these types of incidents.

As with any data breach incident, it is recommended those impacted remain vigilant and regularly monitor the explanation of benefits statements you receive from your health plan, statements from your healthcare providers, bank and credit card statements, and credit reports and tax returns to check for any unfamiliar activity. If you notice any health care services you did not receive listed on an explanation of benefits statement, please contact your health plan or doctor. If you notice any suspicious activity on either your bank or credit card statements or on your tax returns, please immediately contact your financial institution and/or credit card company or relevant agency.

The U.S. Department of Health and Human Services has made information on the data breach available here.

Change Healthcare has established a dedicated call center to offer additional resources and information, including assistance in enrolling in two years of free identity theft protection and credit monitoring services. The toll-free call center phone number is 1-866-262-5342, and is available Monday through Friday, 8 a.m. to 8 p.m. CST. Customers can also visit www.changecybersupport.com for more information.