Cases

On February 21, 2024, Change Healthcare became aware of the deployment of ransomware in its computer system. Change Healthcare retained cybersecurity and data analysis experts to assist in the investigation, which began on February 21, 2024. On March 7, 2024, Change Healthcare was able to confirm that a substantial quantity of data had been exfiltrated from its environment between February 17, 2024, and February 20, 2024. On March 13, 2024, Change Healthcare obtained a dataset of exfiltrated files that was safe to investigate and began preliminary targeted analysis. On April 22, 2024, following analysis, Change Healthcare publicly confirmed the impacted data could cover a substantial proportion of people in America.  The stolen information included health information, billing, claims, and payment information (such as claim numbers, account numbers, billing codes, payment cards, financial and banking information, payments made, and balance due) , and/or other personal information such as Social Security numbers, driver’s licenses or state ID numbers, or passport numbers.

On July 29, 2024, Change Healthcare began mailing written notices to individuals affected by the incident. Mason LLP will be representing its clients individually in a mass action.  Like a class action lawsuit, a mass action allows a group of consumers to share resources so they can take action against a company over an alleged wrongdoing. The main difference is Mason LLP has a direct relationship with each of its clients.