Nebraska Attorney General Mike Hilgers filed a lawsuit last week in Lancaster County District Court against Change Healthcare alleging violations of the state’s Consumer Protection and Data Security Laws.
The complaint stems from a February data breach and subsequent operational shutdown that exposed the personal and electronic protected health information of what the Attorney General’s Office believes to be at least hundreds of thousands of Nebraskans, if not over a million.
The Change Healthcare data breach began on February 11, 2024, when the username and password of a low-level customer support employee were posted in a Telegram group chat notorious for selling stolen credentials. Using these credentials, a hacker accessed Change’s systems through a remote access service called Citrix.
For over nine days, the hacker navigated Change’s systems undetected, creating privileged administrator accounts, installing malware, and exfiltrating terabytes of sensitive data.
The stolen data included Social Security numbers, driver’s license numbers, health insurance information, medical records, billing details, and more. Defendants failed to detect this activity until February 21, 2024, when the hacker deployed ransomware, crippling Change’s systems. In response, Change took its systems offline, effectively shutting down its operations and exacerbating the harm.
The breach caused widespread disruption to Nebraska’s healthcare system, particularly affecting rural hospitals and critical access facilities operating on already thin margins, the Attorney General’s Office said.
:Healthcare providers, including critical access hospitals in rural areas, have unfairly been forced to absorb financial pain, forcing major cash flow issues and, in some cases, delayed services,” Hilgers said in statement. “And to make matters worse, Change has woefully disregarded the duty to provide notice to Nebraskans, depriving them of a fighting chance to be prepared for possible scams and fraud. We’re filing this suit to hold Change accountable.”
The Attorney General’s Office is also calling on Nebraska healthcare providers who may have been affected by this cyberattack to come forward. Providers can submit their contact to the Nebraska Attorney General’s Office at
Source: Nebraska Attorney General’s Office
Was this article valuable?
Here are more articles you may enjoy.
Alabama Prisoners Work at Stores But Not Eligible for Parole or Workers’ Comp 
Investigation Continues After South Florida Boat Explosion Kills 1, Injures 6 
What’s Not Changing in 2025: Homeowners Outlook, Re Retentions 
Senate Says Climate Is Causing Insurance ‘Crisis’; Industry Strikes Back 
