Lawsuit claims that the systems were not secure, and exposed personal and financial information

CHICAGO–(BUSINESS WIRE)–#ChangeHealthcare–According to a class action filed by Zimmerman Law Offices PC and DannLaw, in February 2024, Change Healthcare Inc., UnitedHealth Group Inc., UnitedHealthcare Inc., and Optum Inc. identified a suspected cyber security threat actor had gained access to some of the Change Healthcare information technology systems, but they did not identify the intrusion until it was too late, and their systems were knocked out for weeks, grinding the insurance claims process to a halt and preventing the processing and payment of insurance claims. The lawsuit alleges that these entities provide clearinghouse services for healthcare providers and pharmacies to submit electronic claims to insurance companies, and they facilitate the electronic payments from insurance companies to these providers and pharmacies, and, due to the data breach, healthcare providers and pharmacies lost the ability to submit insurance claims and obtain insurance payments.

These companies are large, sophisticated organizations with the resources to deploy robust cybersecurity protocols, but they failed to take adequate measures to ensure that their network servers were protected against unauthorized intrusions, failed to have training practices in place to adequately safeguard their networks, and failed to implement industry standard measures to prevent the data breach, according to the lawsuit.

“This data breach continues to strain healthcare providers and pharmacies financially since they are unable to submit claims or preauthorizations to provide treatment to patients,” said Thomas A. Zimmerman, Jr., who represents the plaintiffs in this matter. “Many providers have to draw down on lines of credit, and the plaintiff in this case had to withdraw funds from her retirement account, to purchase medications, pay operating expenses, and meet payroll,” said attorney Zimmerman.

The case is Sara Lemke, et al. v. Change Healthcare Inc., et al., Court No. 24-cv-302, filed in the U.S. District Court for the Middle District of Tennessee. The lawsuit seeks damages including loss of revenue, loss of time, out-of-pocket expenses, and compensation for the disclosure of personal information. A copy of the complaint is available upon request, as are interviews with the attorneys in this matter.

If you have been impacted by the Change Healthcare data breach, please contact us for more information.


Thomas A. Zimmerman, Jr.
Zimmerman Law Offices PC

(312) 440-0020 telephone

(312) 286-6598 cell

Marc E. Dann

(216) 373-0539