We would like to inform our patients about a recent data breach regarding our clearing house, Change Healthcare, a prominent healthcare technology company which is owned by United Health Group (UHG). This breach affects the personal information of some patients. It involved unauthorized access to certain systems or databases containing sensitive data allegedly due to the failure to maintain a multi-factor authentication (MFA) server, which allowed the hackers to enter their system. While investigations are ongoing, Change Healthcare has taken immediate steps to contain the breach and mitigate its impact to the best of their abilities. Please know that Dillman Clinic & Lab is NOT responsible for the breach and has multiple measures in place to prevent a data breach, and we do have in place, and continue to maintain and utilize, MFA.

We would appreciate it if you would direct any questions you have to the UHG FAQ Page and utilize their contact information (1-866-262-5342, Changecybersupport.com) for any additional questions or comments.

To summarize:

Article related to breach:  Reuters

Link for additional resources: UHG FAQ Page

Link for AG’s response:  MN AG’s Office Response to UHG

For greater detail:
1. Nature of the Breach:

  1. The breach primarily involved unauthorized access to databases or systems storing patients’ personal information.
  2. Types of compromised data may include:
  3. Names
  4. Addresses
  5. Dates of birth
  6. Medical record numbers
  7. Health insurance information
  8. Treatment details
  9. Financial information such as credit card numbers or bank account details is not believed to be compromised at this time.

2. Potential Impact:

  1. The compromised data could be exploited by malicious actors for various purposes, including identity theft, fraud, or phishing attempts.
  2. While there is no evidence of financial information being accessed, patients should remain vigilant for any signs of unauthorized activity.

3. Notification Process:

  1. Change Healthcare will notify affected individuals about the breach through various channels, including mail, email, or phone.
  2. Notifications will include details about the breach, steps patients can take to protect themselves, and available resources for assistance.

4. Steps to Protect Yourself:

  1. Monitor Accounts:  Regularly review bank statements, credit reports, and medical bills for any suspicious activity.
  2. Change Passwords:  If you use online portals or accounts associated with Change Healthcare, consider changing your passwords as a precautionary measure.
  3. Fraud Alerts:  Consider placing fraud alerts on your credit files to alert you if someone tries to apply for credit in your name.
  4. Credit Monitoring Services:  Take advantage of any free credit monitoring services offered by Change Healthcare to detect unusual credit activity.
  5. Identity Theft Protection: Consider enrolling in identity theft protection services to safeguard your personal information and receive alerts for potential misuse.

5. Resources for Assistance:

  1. Customer Support: Change Healthcare will provide contact information for their customer support team or a dedicated helpline to assist affected patients with any questions or concerns.
  2. FAQs and Informational Resources: Look for FAQs or informational resources on Change Healthcare’s website or through other communication channels for additional guidance.
  3. Credit Reporting Agencies: Contact major credit reporting agencies such as Equifax, Experian, and TransUnion to request a free credit report and inquire about fraud alert services.

6. Stay Informed:

  1. Continue to stay informed about developments related to the breach through official communications from Change Healthcare.
  2. Be cautious of phishing attempts or suspicious communications claiming to be from Change Healthcare or related entities. Always verify the authenticity of such communications before responding or providing personal information.


While the Change Healthcare data breach is concerning, proactive steps can help mitigate its impact. By staying informed, monitoring accounts, and utilizing available resources, affected patients can better protect themselves against potential risks associated with the breach.