A magistrate judge assigned to assist with pretrial proceedings in all federal Change Healthcare lawsuits has indicated that she, along with a law clerk, were recently notified that they were affected by the massive data breach that launched the litigation.
The Change Healthcare data breach was first disclosed in February 2024, when the company reported that hackers had gained access to the names, Social Security numbers, dates of birth, addresses, medical records, insurance details and other sensitive data for up to 100 million individuals.
While Change Healthcare is not well known among most U.S. consumers, it provides critical software, analytics and services for medical providers throughout the healthcare system, and some estimates suggest that one out of every three Americans has their private health information pass through the company’s servers.
Over the past six months, there has been an influx of Change Healthcare data breach class action lawsuits filed throughout the federal court system, each raising similar allegations that cybersecurity failures allowed hackers to access personal identifying and medical information.
Given common questions of fact and law raised in the claims, a federal multidistrict litigation (MDL) has been established in the District of Minnesota, where U.S. District Judge Donovan Frank is presiding over coordinated discovery and pretrial proceedings. However, the size and scope of the litigation continues to increase as individuals receive Change Healthcare notices about the data breach on a rolling basis.