The HIPAA Journal reports:
A District Court Judge has set a March 2025 deadline for Change Healthcare to file motions to dismiss certain claims raised in multiple complaints in response to its February 2024 ransomware attack and data breach.
In February 2024, Change Healthcare suffered a ransomware attack that resulted in file encryption and the theft of the protected health information of an estimated 190 million individuals. The stolen data included names, contact information, dates of birth, Social Security numbers, and medical information, and is the largest healthcare data breach ever reported. The attack resulted in an outage that lasted for several weeks, and severely hampered claims processing, causing massive disruption to providers’ revenue cycles.
Many lawsuits were filed in response to the data breach by individuals who had their data stolen in the attack, as well as by providers affected by the prolonged outage of Change Healthcare’s systems. The lawsuits were consolidated in federal multi-district litigation due to the common questions of fact and law. The MDL is being heard by U.S. District Court Judge Donovan Frank in the District of Minnesota.
Read more at The HIPAA Journal.
