All active MDLs
MDL 3108Data Privacy & Security

Change Healthcare, Inc., Customer Data Security Breach Litigation

The causation theory is based on systemic cybersecurity vulnerabilities exploited by ransomware, which encrypted and exfiltrated sensitive healthcare data. The breach was facilitated by inadequate security measures, such as insufficient patching, poor access controls, and social engineering tactics like phishing. The exposure of PHI and PII directly led to injuries including identity theft, financial fraud, and emotional distress, as victims' sensitive information was used maliciously or sold on dark web platforms.

MNSr. District Judge Donovan W. FrankMaster docket 0:24-md-3108Source: JPML · Updated July 1, 2026

146

Pending actions

161

Total actions filed

Active

Status

06/07/2024

Established

Who qualifies

Individuals affected by the breach who experienced damages such as identity theft, financial fraud, or emotional distress resulting from the exposure of their PHI and PII. Plaintiffs must demonstrate that they suffered tangible harms directly attributable to the breach, including documented financial losses or psychological impact. The breach involved ransomware encryption and data exfiltration, leading to exposure of sensitive health and personal data, which facilitated subsequent harms.

Products involved

  • Change Healthcare's healthcare data management systems
  • Cybersecurity infrastructure of Change Healthcare

Alleged injuries

  • Identity theft
  • Financial losses
  • Credit monitoring costs
  • Emotional distress

This page is generated from the official JPML pending-MDL report and public court records, refreshed monthly. It is provided for attorney reference and is not legal advice.

MDL Match

Your next intake could have a mass tort hiding in it.

Screen it against 158+ active MDLs. Takes under 60 seconds.

Start matching now