On February 21, Change Healthcare was the subject of a cybersecurity incident that impacted the submission and payment of some health insurance claims and pharmacy benefits. Change is the largest processor of medical claims in the United States. The incident resulted in a slowing of claims processing for pharmacy and other health claims. The immediate impacts of the incident are primarily affecting healthcare providers and pharmacies rather than consumers although there may be some delay in getting prescriptions filled. The DC Department of Insurance, Securities and Banking (DISB) is monitoring the situation.
There have been reports of scammers reaching out to consumers claiming to be hospital representatives and requesting information because of the incident. See information from the U.S. Department of Health and Human Services on the cyber incidents.
Be Proactive
- Update your passwords right away. If you have reused your password on multiple sites in the past, it is important to update all your old passwords. Use a strong password. A strong password usually consists of at least eight to 12 characters. This should contain a mixture of letters, numbers, and symbols (if they are permitted). Never include personal information in your passwords.
- Opt-in to two-factor authentication or two-step verification when available. Two-factor authentication is an extra level of security for your online accounts that requires you to enter an additional piece of identifying information.
- Contact one of the three major credit reporting agencies (Equifax, Experian, or TransUnion) and ask them to place a fraud alert notification on your credit card. The agency you contact will notify the other two agencies to place the same fraud alert notification on your credit card.
- Be on alert when you receive calls, text messages, or emails that appear to be from your insurer or financial institution. Don’t call the number they give you or the number on your caller ID without verification that it is a legitimate number. If you get an email or text message from a company you do business with and you think it’s legitimate, it’s still best not to click on links. Instead, contact your insurer or financial institution directly using a website you know is trustworthy or by calling the phone number provided on a statement or prior correspondence. Don’t give your personal or financial information in response to a request that you didn’t expect. Legitimate organizations won’t call, email or text to ask for your personal information, such as your Social Security, bank account or credit card numbers.
Report Fraud
If you believe you have been the victim of identity theft or financial fraud, contact the DISB Enforcement and Consumer Protection Division at (202) 727-8000. If you have difficulty accessing health care or pharmacy services, file a complaint at disb.dc.gov. You may also file a report with the Federal Trade Commission (FTC) at reportfraud.ftc.gov or call the FTC Consumer Response Center at (877) 382-4357.