In February 2024, a ransomware attack on Change Healthcare, a subsidiary of UnitedHealth, resulted in one of the largest medical data breaches in U.S. history. Initially estimated to affect around 100 million people, the breach ultimately impacted approximately 190 million individuals, according to UnitedHealth’s recent confirmation. The stolen data, which included personal details such as names, addresses, Social Security numbers, phone numbers, and medical records, was linked to health insurance and patient claims information. This massive breach was attributed to the ALPHV ransomware group, a notorious Russian-language cybercrime syndicate.
The breach led to significant disruptions in the U.S. healthcare system, particularly in the processing of healthcare claims and patient data management. Change Healthcare, which handles a large portion of health data and insurance claims in the U.S., was forced to deal with months of outages due to the attack.
During this time, cybercriminals responsible for the breach released some of the stolen information online, prompting the company to pay at least two ransoms to prevent further data leaks.
UnitedHealth clarified that, despite the scope of the breach, it had not seen any misuse of the affected individuals’ data and had not found electronic medical records among the compromised files. The breach was traced back to the attackers using stolen account credentials that lacked multi-factor authentication protection, which enabled the infiltration of Change Healthcare’s systems. The company stated that the breach was ongoing as of the latest reports and that further investigations are still underway.
In response to the attack, UnitedHealth notified the impacted individuals and confirmed that it would file an updated breach report with the Office for Civil Rights. The breach has raised concerns about the cybersecurity vulnerabilities in the healthcare sector, particularly regarding the use of unsecured account credentials and the growing sophistication of ransomware groups like ALPHV. The company has emphasized its commitment to safeguarding patient information and improving security measures in the aftermath of this unprecedented data breach.