Monument Health has become the latest healthcare provider to report its fallout due to the Change Healthcare data breach that was discovered in February 2024.
What happened
Monument Health recently informed approximately 26,000 of its patients that their sensitive information may have been compromised due to a data breach at one of its vendors, Change Healthcare. This breach, which occurred as a result of a ransomware attack on February 21, 2024, exposed sensitive data, including personal and health information. Change Healthcare notified Monument Health about the breach on December 16, 2024, leading Monument Health to take immediate action to protect and inform the affected patients.
What was said
Monument Health encourages patients affected by the breach to keep a close eye on their credit reports and account information for any signs of unusual activity. In case any suspicious activity is detected, patients should immediately reach out to the financial institution where the account is held. Additionally, Change Healthcare is extending free credit monitoring and identity theft protection services to everyone, regardless of their direct involvement in the breach.
Why it matters
The breach at Change Healthcare impacting Monument Health is not an isolated incident. Monument Health experienced a similar data breach in September 2023 with another vendor, DMS, which also compromised patient information. These recurring breaches for Monument Health show the cascading effects of vendor data breaches.
The big picture
The Monument Health data breach is directly tied to the larger Change Healthcare breach discovered in February 2024. Sensitive patient information, including medical records and insurance details, has been compromised, raising concerns about the security of healthcare data. This ongoing investigation raises questions about data security practices within healthcare organizations and the management of their vendors. The breach has triggered concerns over identity theft and fraud risks for affected patients, emphasizing the need for improved cybersecurity measures and vigilant oversight in the healthcare sector.
Related: How AI and automation are changing the face of HIPAA compliance
FAQs
What was the Change Healthcare data breach?
The Change Healthcare data breach occurred as a result of a ransomware attack on February 21, 2024. This breach exposed sensitive patient data, including personal and health information. The breach affected various healthcare organizations, including Monument Health, which has since informed approximately 26,000 patients of potential exposure.
Read more: Unpacking the Change Healthcare cybersecurity incident: FAQs
What steps is Monument Health taking to protect patients?
Monument Health is advising affected patients to monitor their credit reports and financial accounts for any signs of unusual activity. The health provider is also working with Change Healthcare to ensure proper security measures are in place and offering support to affected individuals.
What can patients do to protect themselves?
Patients are encouraged to stay vigilant by monitoring their credit and financial accounts. They should report any suspicious activity to their financial institution and take advantage of the credit monitoring services offered by Change Healthcare.
