Third-party data breach impacts users of WSU Pullman pharmacy

According to national news media reports, healthcare providers nationwide have been impacted by a cybersecurity incident related to a common application used to submit and process health insurance claims. The third-party service provider, Change Healthcare, has indicated that a substantial portion of the American public could have had their personal information compromised in this attack.

What happened?

On February 21, 2024, Change Healthcare became aware that its computer system had been compromised by a cybercriminal.

On June 20, 2024, Washington State University (WSU) received notification from Change Healthcare that personally identifiable health information for some WSU Pullman students and others who used the Cougar Health Services pharmacy may have been included in the breach. Change Healthcare did not provide names of individuals who may have had their information compromised.

What information has been exposed?

Change Healthcare cannot confirm exactly what data was affected for each impacted individual, but the data that may have been accessed by unauthorized parties included contact information (such as first and last name, address, date of birth, phone number, and email) and one or more of the following:

  • Health insurance information (such as primary, secondary or other health plans/policies, insurance companies, member/group ID numbers, and Medicaid-Medicare-government payor ID numbers),
  • Health information (such as medical record numbers, providers, diagnoses, medicines, test results, images, care and treatment),
  • Billing, claims and payment information (such as claim numbers, account numbers, billing codes, payment cards, financial and banking information, payments made, and balance due), and/or
  • Other personal information such as Social Security numbers, driver’s licenses or state ID numbers, or passport numbers.

What steps can I take to protect myself?

While Change Healthcare is still investigating whose personal information may have been involved, and WSU is waiting to obtain a list of affected individuals from Change Healthcare, there are steps you can take to protect yourself:

  • If you believe your information may have been impacted by this incident, you can enroll in two years of complimentary credit monitoring and identity protection services. Change Healthcare is paying for the cost of these services for two years.
  • Be on the lookout and regularly monitor the explanation of benefits statements received from your health plan and statements from healthcare providers, as well as bank and credit card statements, credit reports, and tax returns, to check for any unfamiliar activity.
  • If you notice any healthcare services you did not receive listed on an explanation of benefits statement, you should contact your health plan or doctor.
  • If you notice any suspicious activity on bank or credit card statements or on tax returns, you should immediately contact your financial institution and/or credit card company or relevant agency.
  • If you believe you are the victim of a crime, you can contact local law enforcement authorities and file a police report.

You may have additional rights available to you depending on the state you live in.

Visit the Change Healthcare Notice of Data Breach website for more information and details on resources the company is making available to impacted individuals.

For more information

Read the Notice of Data Incident Letter

If you have questions for the WSU Cougar Health Services Pharmacy regarding this incident, please contact Joseph Santos, Quality Assurance and Compliance Coordinator for Cougar Health Services at incident.notification@wsu.edu.

The link to the Change Healthcare Notice of Data Breach website above provides contact information for Change Healthcare.

Moving forward

Washington State University will continue to update this webpage as new information becomes available from Change Healthcare.