UnitedHealth Sued Over February Data Breach Affecting Millions

UnitedHealth Group Inc. and its subsidiary Change Healthcare Inc. failed to protect the personal and health information of millions of patients in connection with a February ransomware attack and data breach, a proposed federal class action said.

Nicolas Keriazis alleged that UnitedHealth failed to implement reasonable security procedures and practices, maintain safeguards to detect and prevent phishing attacks, or disclose material facts surrounding its deficient security protocols.

Data exposed in the breach included patients’ names, phone numbers, physical and email addresses, Social Security numbers, medical records, dental records, payment information, claims information, and insurance records, according to a complaint filed ...