UnitedHealth Reveals Massive Data Breach: 100 Million Records Stolen from Change Healthcare

It’s official: over 100 million people had their personal information and healthcare data stolen in the Change Healthcare ransomware attack, making it the largest healthcare data breach in recent years. UnitedHealth, the parent company of Change Healthcare, has finally confirmed this staggering number.

Just imagine that: “maybe a third” of all Americans’ health data was exposed in this attack, as UnitedHealth CEO Andrew Witty warned during a congressional hearing in May. This is a massive breach that has affected a “substantial proportion of people in America.”

So, what exactly was stolen during this ransomware attack? According to data breach notifications sent by Change Healthcare, the sensitive information includes health insurance details, medical history, billing and payment info, and other personal data like Social Security numbers and driver’s license numbers. Not everyone’s complete medical history was exposed, but still, the sheer scale of this breach is alarming.

How did the Change Healthcare ransomware attack happen?

In February, the UnitedHealth subsidiary Change Healthcare fell victim to a ransomware attack that led to widespread outages in the U.S. healthcare system. The culprits? The BlackCat ransomware gang, aka ALPHV, who used stolen credentials to breach the company’s Citrix remote access service, which did not have multi-factor authentication enabled.

During the attack, the criminals stole a whopping 6 TB of data and encrypted computers on the network. This caused the company to shut down IT systems to prevent further damage. In the aftermath, doctors and pharmacies were unable to file claims, and patients were forced to pay full price for medications because pharmacies couldn’t accept discount prescription cards.

UnitedHealth Group ended up paying a ransom demand of allegedly $22 million to receive a decryptor and ensure the stolen data would be deleted. However, the ransomware gang pulled a fast one: they suddenly shut down and stole the entire payment for themselves, leaving Change Healthcare’s data in the hands of a rogue affiliate.

As if that wasn’t enough, the affiliate partnered with a new ransomware operation named RansomHub and began leaking some of the stolen data, demanding an additional payment for the data not to be released. It’s unclear whether United Health paid a second ransom demand, as the entry for Change Healthcare on RansomHub’s data leak site disappeared a few days later.

The financial toll of this attack has been enormous. UnitedHealth reported in April that the ransomware attack caused $872 million in losses, which increased to an expected $2.45 billion for the nine months to September 30, 2024, as part of their Q3 2024 earnings.

What can we learn from this massive breach?

This incident highlights the importance of strong cybersecurity measures, especially in the healthcare industry. We must prioritize the protection of sensitive data and invest in robust security systems to prevent future attacks. It’s time for all of us to take cybersecurity seriously.

Stay informed and keep coming back to learn more about the latest cybersecurity news, threats, and best practices. Together, we can work towards a safer digital landscape. If you have any questions or concerns about your organization’s security, don’t hesitate to reach out to us. We’re here to help.