Timeline set for Change Healthcare’s motion to dismiss in data breach case

A federal judge has set deadlines for Change Healthcare’s motion to dismiss claims in lawsuits over a data breach affecting millions.

What happened

A U.S. District Judge overseeing the growing litigation against Change Healthcare has set a deadline for the company to file any motion to dismiss certain claims. The court has ordered Change Healthcare to submit its motion by March 21, with plaintiffs’ responses due by April 25 and a final reply from defendants expected by May 23.

The lawsuits stem from a massive data breach disclosed in February 2024, in which hackers accessed sensitive information for millions of individuals, including Social Security numbers, medical records, insurance details, and other personal data.

Going deeper

Change Healthcare, a subsidiary of UnitedHealth, assists in processing healthcare transactions. Some reports suggest that one in three Americans has had their private health data pass through the company’s systems.

Since the breach, UnitedHealth and Change Healthcare have faced legal action from both individual consumers and medical providers. Healthcare facilities that rely on Change Healthcare’s services were unable to process insurance claims for an extended period, causing severe business disruptions.

To handle the increasing number of lawsuits, the litigation has been consolidated into a multidistrict litigation (MDL) in the District of Minnesota, with Judge Donovan Frank overseeing proceedings.

UnitedHealth has already indicated plans to seek the dismissal of some claims based on various legal arguments. However, the company is simultaneously engaged in settlement discussions, hoping to resolve disputes without prolonged litigation.

What was said

Judge Frank’s court order lays out a structured timeline for the motion to dismiss, including specific page limits. Despite the motion to dismiss, Judge Frank has also signaled the possibility of bellwether trials if a settlement is not reached. These test cases would help both sides gauge how juries respond to legal arguments and evidence. The next status conference between the parties is scheduled for April 17.

The big picture

The Change Healthcare breach is a major test of how healthcare companies handle patient data and respond to security failures. With millions affected, the lawsuits could set new standards for accountability and data protection. The outcome, whether through dismissal, settlement, or trial, could shape the future of healthcare cybersecurity and patient privacy.

FAQs

What is the Change Healthcare data breach about?

In February 2024, hackers accessed sensitive personal and medical data of millions of individuals through Change Healthcare, a subsidiary of UnitedHealth, disrupting healthcare operations nationwide.

What types of lawsuits have been filed?

Both consumers and healthcare providers have sued Change Healthcare, alleging negligence, privacy violations, and financial damages due to service disruptions.

What does the motion to dismiss mean for the lawsuits?

Change Healthcare is seeking to dismiss certain claims, arguing they lack legal merit. The judge has set deadlines for filing, responses, and replies before deciding whether the case will proceed in full or in part.

Could the case go to trial?

If a settlement isn’t reached, the judge has indicated the possibility of bellwether trials, which would test key legal arguments before a jury.

How could this case impact healthcare data security?

The outcome may set a precedent for company liability in data breaches, influencing how healthcare firms manage cybersecurity and respond to future incidents.