UnitedHealth Group has disclosed that the February 2024 ransomware attack on its Change Healthcare subsidiary affected approximately 190 million individuals, nearly double its initial estimate of 100 million. The confirmation, provided to TechCrunch late Friday, makes this the largest medical data breach in U.S. history.
In a statement, UnitedHealth spokesperson Tyler Mason acknowledged the staggering scope of the incident:
“Change Healthcare has determined the estimated total number of individuals impacted by the Change Healthcare cyberattack is approximately 190 million.”
The company claims that most affected individuals have already been notified and that the final tally will be reported to the Office for Civil Rights (OCR) under the U.S. Department of Health and Human Services (HHS).
While UnitedHealth insists that its analysis of the breach has found no evidence of electronic medical record databases in the affected data, vast amounts of personal, medical, and financial data were compromised. The attack disrupted healthcare operations nationwide, impacting payment processing, insurance claims, and pharmacy services for months.
Ransomware attack
The ALPHV (BlackCat) ransomware gang, a notorious Russian-speaking cybercriminal group, orchestrated the attack. The hackers used stolen credentials for an account that was not protected by multi-factor authentication (MFA), allowing them to infiltrate Change Healthcare’s Citrix portal.
Once inside, the attackers moved laterally across the network, stealing massive amounts of personally identifiable information (PII) and protected health information (PHI). The stolen data includes:
- Full names, addresses, dates of birth, and phone numbers
- Social Security numbers, driver’s license details, and passport numbers
- Medical diagnoses, test results, imaging, and treatment plans
- Insurance claims, policy details, and payment records
- Financial and banking information linked to healthcare transactions
Some of this data was leaked online, and UnitedHealth reportedly paid two separate ransoms to the attackers to prevent further exposure.
Impact on U.S. healthcare
Change Healthcare is a key player in the U.S. medical industry, handling billions of healthcare transactions annually. It processes insurance claims and payments for hospitals, pharmacies, and medical practices, including major entities like Medicare, Tricare, and CVS-Caremark.
The breach led to severe operational disruptions, causing payment delays, prescription processing failures, and financial strain on healthcare providers nationwide. UnitedHealth has since been working with Microsoft, Google, and Palo Alto Networks to strengthen its cybersecurity infrastructure.
With 190 million Americans affected, the breach raises serious concerns about data security in the healthcare sector. Change Healthcare will soon file its final report with HHS, while regulatory scrutiny over UnitedHealth’s cybersecurity practices is expected to intensify.
Those potentially impacted by this data breach are advised to monitor financial and insurance statements for suspicious activity, activate free credit monitoring offered by UnitedHealth, and freeze their credit with major credit bureaus to prevent fraud. It is also recommended that users change passwords, enable MFA on sensitive accounts, and be cautious of phishing attempts that leverage stolen data.