By Sonya Sellmeyer, Consumer Advocacy Officer for the Iowa Insurance Division

In recent years, the digital landscape has witnessed an alarming increase in data breaches, with companies across various industries falling victim to cyberattacks. In February of this year, Change Healthcare, the largest processor of medical claims in the United States, experienced a breach that exposed sensitive personal identifiable information (PII) and protected healthcare information (PHI) of millions of individuals.

The Change Healthcare data breach, like many others, compromised a vast amount of personal data, including names, addresses, birth dates, Social Security numbers, and medical information.  Once in the wrong hands, sensitive information can lead to various forms of identity theft, fraud, and financial loss for affected consumers. Moreover, in the context of healthcare data breaches, the ramifications extend beyond financial harm, potentially jeopardizing a patient’s privacy and healthcare outcomes.

One of the most immediate consequences of the Change Healthcare data breach is the heightened risk of identity theft for the affected individuals.  Cybercriminals can engage in various fraudulent activities, including opening new lines of credit, filing false insurance claims, or even accessing medical services under stolen identities.

Scammers are taking advantage of the situation.  Consumers have been contacted by scammers claiming they are from a hospital and telling consumers they are entitled to a refund due to the cyberattack.  To receive the refund you must first give the scammer your credit card number.  This is probably the first of many scams that will result from this data breach.  Remember not to answer your phone to unknown phone numbers, click on unknown links in text messages or email, and do not provide your credit card number or any personal information to anyone.  If the person on the other end of the phone purports to be from a hospital, doctor’s office, or insurance company, call the business entity directly.  

Change Healthcare is offering free credit monitoring and identity theft protections but freezing your credit is the best option to protect you from this data breach as well as in the future.  To freeze your credit you must initiate the freeze separately with all three credit reporting bureaus, and it may be done online, on the phone, or by mail. 

Equifax, P.O. Box 105788, Atlanta, GA 30348 or 800-685-1111 

Experian, P.O. Box 9554, Allen, TX 75013 or 888-397-3742

TransUnion, P.O. Box 160, Woodlyn, PA 19094 or 888-909-8872

A credit freeze will not affect any existing credit lines, and will only need to be unlocked if you are attempting to obtain a new line of credit.   Also, remember to check your credit report at or 877-322-8228, and request the report be pulled from each of the three credit bureaus. 

The Change Healthcare data breach serves as a sobering reminder of the pervasive threat posed by cyberattacks and the profound impact they have on consumers.  From the risk of identity theft and financial loss to the erosion of privacy and trust, the consequences of such breaches are far-reaching and multifaceted.