Change Healthcare data breach class action lawsuits overview:
- Who: Consumers hit Change Healthcare Inc. with multiple class actions over a February data breach.
- Why: The plaintiffs claim Change Healthcare failed to protect their private information.
- Where: The class action lawsuits were filed in Tennessee and California federal courts.
Change Healthcare bears responsibility for a February data breach that exposed the personally identifiable and protected health information of consumers, a trio of new class action lawsuits alleges.
The class action lawsuits claim Change Healthcare failed to prevent the cyberattack, which it attributes to the ransomware gang ALPHV/BlackCat.
Consumers argue the data breach puts them at risk of identity theft and claim the incident would not have happened if not for Change Healthcare’s negligence.
“Plaintiff’s and Class Members’ identities are now at risk because of Defendant’s negligent conduct because the Private Information that Defendant collected and maintained is now in the hands of data thieves,” one of the class action lawsuits states.
The consumers want to represent a nationwide class of individuals whose private information was compromised in the data breach, with one complaint including an Illinois subclass and another including a Florida subclass.
Change Healthcare had duty to protect private data, class actions say
The plaintiffs argue Change Healthcare failed to place adequate safeguards to protect their private data from the cyberattack despite having a “duty” to do so.
“The Data Breach was a direct result of Defendant’s failure to implement adequate and reasonable cybersecurity procedures and protocols necessary to protect patients’ Private Information from a foreseeable and preventable cyberattack,” one of the class action lawsuits states.
The class action lawsuits claim Change Healthcare is guilty of unjust enrichment, breach of implied contract, negligence and negligence per se, along with violations of laws in the states of Florida, Illinois and California.
The plaintiffs demand a jury trial and request declaratory and injunctive relief and awards of actual, compensatory, statutory, punitive, nominal and consequential damages for themselves and all class members.
In addition to exposing consumer information, the Change Healthcare cyberattack disrupted pharmacy and health system operations nationwide.
Were you affected by the Change Healthcare data breach? Let us know in the comments.
The Change Healthcare data breach class action lawsuits are Allen, et al. v. Change Healthcare Inc., Case No. 3:24-cv-00263, and Lemke, et al. v. Change Healthcare Inc., et al., Case No. 3:24-cv-00302, in the U.S. District Court for the Middle District of Tennessee and
Medina, et al. v. Change Healthcare Inc., Case No. 2:24-at-00293, in the U.S. District Court for the Eastern District of California.
Don’t Miss Out!
Check out our list of Class Action Lawsuits and Class Action Settlements you may qualify to join!
Read About More Class Action Lawsuits & Class Action Settlements:
NEC lawsuit: Families take action against Enfamil and Similac baby formula makers
September 10, 2025 | Legal News
136 thoughts onChange Healthcare faces multiple class actions over data breach
I was involved in that database with a chance I even have a letter from them in regards to that but I told her they weren’t any they only pay anybody money they just give you 2 years if I didn’t accept and protection through idx I believe I have my number that’s on the information send me but I didn’t get mine until January this year so you can let me know when you need help me with this or not to be great
I was severely affected by this breach by Change Health Care. My bank account was depleted 3 ir 4 times. My social security check was attempted to be rerouted. There’s some identity me in California.
I believe this started happening in 2021. When the new Health Care Syst updated their programs whereas any Health Care provider could access anyone’s medical files, by simply using just their name and birthdate. Because my daughter’s nurse practitioner told us about it. And she accessed my files and I wasn’t even her patient or a member of that clinic. Just my children were supposed to attend and they only had one visit. That was our 1st and last visit.
I’m really pissed off! They not only exposed my mom data, BUT MINE AS WELL! Because I have medical power of attorney, my info is connected with her’s. And that IDX identity protection company that we’ve all been referred to is useless! It’s a token attempt at making it look like they’re doing something about it, ONLY THEYRE NOT! Looks like a loan might have been taken out in mom’s name, and possibly mine as well! I need a lawyer at this point, but I have no idea who to call. If anyone has some insight on this matter, please let me know. I’m so upset right now. One of my main questions is this, WHY DID IT TAKE THEM SO LONG TO LET US KNOW?!
Received a letter indication my information was involved in a data breach. It took them quite awhile to notify me though!!
Same here, almost looks like an attempt to hide what happened or possibly clean up some of their mess so we wouldn’t get the entire truth of the matter, doesn’t it?
Affected by Change Healthcare leak and received letter