Change Healthcare, Inc., Customer Data Security Breach Litigation
The causation theory is based on systemic cybersecurity vulnerabilities exploited by ransomware, which encrypted and exfiltrated sensitive healthcare data. The breach was facilitated by inadequate security measures, such as insufficient patching, poor access controls, and social engineering tactics like phishing. The exposure of PHI and PII directly led to injuries including identity theft, financial fraud, and emotional distress, as victims' sensitive information was used maliciously or sold on dark web platforms.
146
Pending actions
161
Total actions filed
Active
Status
06/07/2024
Established
Who qualifies
Individuals affected by the breach who experienced damages such as identity theft, financial fraud, or emotional distress resulting from the exposure of their PHI and PII. Plaintiffs must demonstrate that they suffered tangible harms directly attributable to the breach, including documented financial losses or psychological impact. The breach involved ransomware encryption and data exfiltration, leading to exposure of sensitive health and personal data, which facilitated subsequent harms.
Products involved
- Change Healthcare's healthcare data management systems
- Cybersecurity infrastructure of Change Healthcare
Alleged injuries
- Identity theft
- Financial losses
- Credit monitoring costs
- Emotional distress
This page is generated from the official JPML pending-MDL report and public court records, refreshed monthly. It is provided for attorney reference and is not legal advice.