Attorney Advertising  ·  The Alvarez Law Firm  ·  Coral Gables, FL

Now accepting new filers for the Change Healthcare breach. Check if you qualify — free, 2 minutes.
LAWSUIT
Loop
Stay in the Loop
Lawsuit News / Settlements / Recalls
LAWSUIT
Loop
See If You Qualify
Home  /  Data Breach  /  Change Healthcare Lawsuit
Now Accepting Data Breach

Patients and Healthcare Workers Whose Information Was Stolen in the Change Healthcare Hack May Be Owed Money After Massive Data Breach

In February 2024, hackers broke into Change Healthcare — a company that processes roughly one in three medical insurance claims in the United States — exposing the private records of an estimated 190 million Americans.

By the Lawsuit Loop Editorial Team · Reviewed by TALF Legal · Published Apr 7, 2026 · 7 min read · Updated regularly
Stock image — not an actual client
Free Case Check · 2 Minutes Private · No fee unless you win

See if you qualify for this lawsuit

Quick form — a real person will review your info and reach out if you may have a case.

In February 2024, hackers broke into Change Healthcare — a company owned by UnitedHealth Group that processes roughly one-third of all medical insurance claims in the United States. The attack shut down healthcare payment systems across the country for weeks and exposed the private records of an estimated 190 million Americans — making it the largest healthcare data breach in U.S. history.

The stolen data includes medical diagnoses, prescription history, Social Security numbers, health insurance information, and financial data. UnitedHealth Group confirmed the breach and acknowledged paying a ransom to the hackers.

Lawsuits allege that UnitedHealth Group and Change Healthcare failed to protect sensitive data with adequate security measures.

What the Change Healthcare Lawsuit Is About

Change Healthcare is a subsidiary of UnitedHealth Group's Optum division. It acts as a clearinghouse — processing and routing medical claims between doctors, hospitals, pharmacies, and insurance companies. Because of this role, it holds an enormous amount of sensitive health and personal information about hundreds of millions of Americans.

The February 2024 attack was carried out by a ransomware group known as ALPHV/BlackCat. According to UnitedHealth Group's Congressional testimony in May 2024, the attackers accessed Change Healthcare's systems through a remote access portal that lacked multi-factor authentication — a basic security measure widely considered standard in the industry.1

The attack disrupted healthcare billing nationwide for weeks. Hospitals, pharmacies, and clinics couldn't process claims. Patients were denied medications and care. And the personal and medical data of nearly 190 million people — confirmed by HHS in January 2025 — was exposed.2

Who May Qualify

You may qualify if either of these applies to you:

  1. You received a notification letter telling you your information was exposed in the Change Healthcare breach, OR
  2. You used a doctor, pharmacy, hospital, or other healthcare provider between January and March 2024, whose claims were processed through Change Healthcare — and your personal or medical data may have been exposed.

You do not need to have experienced fraud or identity theft yet. The exposure of your private medical and personal information is the harm.

Think You May Qualify?

Takes about two minutes — fill out the free form below.

Tell us your situation. A real person will review it and reach out if you may have a case.

Start Free Case Check →

What Could This Mean for You?

If you qualify, you may be owed money for the exposure of your private health and personal information, the stress and time spent monitoring your credit and identity, and other harm caused by the breach.

We will not quote individual amounts. What any case may be worth depends on the specific harm suffered and how the courts handle these cases. The case check is free and costs you nothing to start.

Filing Deadline

Statutes of limitations on data breach cases vary by state — typically ranging from one to three years from when you knew or should have known about the breach. Since this breach was publicly disclosed in 2024, deadlines in some states may be approaching. Don't wait.

Free Case Check · Secure Intake No fee unless you win

How the Process Works

  1. Fill out the free form — no cost, no commitment.
  2. A lawyer reviews whether your information was likely affected.
  3. If you qualify, attorneys work on contingency — you pay nothing unless you receive money.
  4. Your case is handled while you stay in control of your information.

Common Questions

I never got a notification letter — could I still be affected?

Yes. Millions of people whose data was exposed have not yet received individual notifications. If you visited a doctor or pharmacy in early 2024, your data may have passed through Change Healthcare.

What if I've already frozen my credit?

Taking protective steps doesn't prevent you from seeking compensation for the breach itself.

Does this apply to healthcare workers, not just patients?

Yes. Healthcare professionals whose information was also stored in Change Healthcare systems may qualify.

Is UnitedHealth responsible even though hackers did the actual attack?

Lawsuits allege UnitedHealth failed to meet basic cybersecurity standards — including not having multi-factor authentication on the attacked portal. Companies that hold sensitive data have a legal obligation to protect it.

I have Medicare or Medicaid — does this apply to me?

If your claims were processed through Change Healthcare, yes.

Sources

  1. UnitedHealth Group CEO Andrew Witty. Congressional testimony before Senate Finance Committee, May 2024. Witty confirmed the attackers accessed systems through a remote access portal lacking multi-factor authentication.
  2. U.S. Department of Health and Human Services, Office for Civil Rights. "Change Healthcare Cybersecurity Incident." HHS OCR Breach Report update, January 2025: confirmed approximately 190 million individuals affected — the largest healthcare data breach in U.S. history.
  3. U.S. Department of Health and Human Services, Office for Civil Rights. "Change Healthcare Cybersecurity Incident." 2024–2025. Available at hhs.gov.
Start Your Free Case Check

Find out if you qualify — right now

Fill out the form below. A real person reviews every submission and will reach out if you may have a case.

Private & secure

Reviewed only by our team. Never sold.

No fee unless you win

You pay nothing out of pocket. Ever.

Real review of your case

A real person reads every submission, not a bot.

Don't wait — deadlines apply

State filing windows vary. Sooner is always better.

Secure Intake Form 2 minutes · Free

Related Lawsuits

Toxic Exposure

Hair Relaxer & Uterine Cancer Lawsuit

Women who used chemical hair relaxers regularly and later developed uterine cancer may qualify.
Data Breach

AT&T Data Breach Settlement

AT&T customers whose records were exposed in 2024 may be eligible for a payout.
Data Breach

MOVEit File Transfer Hack

Over 100 million people had data stolen through a flaw in widely used file transfer software.
See If You Qualify See If You Qualify — Free