athenahealth Statement on Change Healthcare Cybersecurity Incident

The following contains excerpts from a statement by Bret Connor, Chief Operating Officer at athenahealth, regarding the Change Healthcare cybersecurity incident of February 2024 and its potential impact on athenahealth (GI Associates’ electronic medical record) customers. GI Associates will continue to keep our patients notified as we receive updates.

On Friday, December 6, 2024, Change Healthcare provided formal notification and confirmation (the “Change Notification”) that a subset of athenahealth data maintained on its networks was impacted.

The Change Notification states that patients attributed to athenahealth were impacted but does not include the names of impacted individuals or specify the athenahealth covered entity customers associated with those impacted individuals.

In addition, the Change Notification states that Change Healthcare intends to notify all impacted individuals either directly or through provision of substitute notice posted by the impacted covered entity. Change Healthcare’s standardized substitute notice can be found here: https://www.changehealthcare.com/hipaa-substitute-notice.

While we still do not know which athenahealth customers have been impacted and to what degree, I am reaching out now to maintain our efforts at transparent communication now that we have received this initial data impact notification from Change Healthcare. We will remain in contact as we receive additional information that will inform and facilitate appropriate next steps.