The new news is that they (finally) started formally notifying end-users i.e. insured patients. Five months after notifying regulators [0]. (Although they would have found out informally if they'd had any claims or interactions with providers).
Under the current definition of "notification", the true extent of the harm (to end-user insured/ patients, not to the company or its stock) only becomes apparent when individual patients go check their SSNs, logins, claims, identity theft, credit reports.
One of their providers, Option Care Health INC's SEC 8-K from 03/14/2024 merely says this, it doesn't tell patients which of their details or how many million might have been compromised, or when exactly, or how to go find out:
> Option Care Health, Inc... was informed that Change Healthcare, a subsidiary of UnitedHealth Group, experienced
an incident in which a cybersecurity threat actor gained access to some of its information technology systems. The Company utilizes several applications provided by Change Healthcare for, among other things, verification of benefits for existing and prospective patients, submission of claims to health plans for processing and payment, and application of cash remittances.
At the time of the system disruption on February 21, 2024, Option Care Health disconnected its operations from Change Healthcare applications and has since been working continuously to find alternative processes to help maintain patient care and its overall operations.
Under the current definition of "notification", the true extent of the harm (to end-user insured/ patients, not to the company or its stock) only becomes apparent when individual patients go check their SSNs, logins, claims, identity theft, credit reports.
One of their providers, Option Care Health INC's SEC 8-K from 03/14/2024 merely says this, it doesn't tell patients which of their details or how many million might have been compromised, or when exactly, or how to go find out:
> Option Care Health, Inc... was informed that Change Healthcare, a subsidiary of UnitedHealth Group, experienced an incident in which a cybersecurity threat actor gained access to some of its information technology systems. The Company utilizes several applications provided by Change Healthcare for, among other things, verification of benefits for existing and prospective patients, submission of claims to health plans for processing and payment, and application of cash remittances. At the time of the system disruption on February 21, 2024, Option Care Health disconnected its operations from Change Healthcare applications and has since been working continuously to find alternative processes to help maintain patient care and its overall operations.
[0]: US health tech giant Change Healthcare hit by cyberattack - Feb 21, 2024 https://news.ycombinator.com/item?id=39479930
[1]: https://investors.optioncarehealth.com/static-files/912a9cbc...