The UnitedHealthcare data breach stemming from the Change Healthcare cyberattack has reached a staggering 190 million individuals, almost doubling the initial estimate.
UnitedHealthcare data breach update reveals a massive compromise of sensitive personal and healthcare data. In October 2024, UnitedHealth initially reported 100 million affected to the US Department of Health and Human Services Office for Civil Rights.
However, a recent confirmation to TechCrunch drastically increased that figure.
“Change Healthcare has determined the estimated total number of individuals impacted by the Change Healthcare cyberattack is approximately 190 million”
Change Healthcare statement to TechCrunch
“The vast majority of those people have already been provided individual or substitute notice. The final number will be confirmed and filed with the Office for Civil Rights at a later date.” Change Healthcare added
Details of the Compromised Data in the UnitedHealthcare Data Breach
UnitedHealthcare data breach involved sensitive information including health insurance details, medical records, billing and payment information, phone numbers, addresses, and in some cases, Social Security Numbers and government IDs.
Despite UnitedHealth stating no evidence of misuse, the sheer volume of stolen data is alarming. The UnitedHealthcare data breach is now considered the largest healthcare data breach in US history.
Change Healthcare Ransomware Attack 2024: Ties That Bind
ALPHV affiliate claiming they were scammed by BlackCat
source: Dmitry Smilyanets
The breach originated from a February 2024 ransomware attack on Change Healthcare, a UnitedHealth subsidiary.
The BlackCat (ALPHV) ransomware gang exploited stolen credentials to penetrate Change Healthcare’s Citrix remote access service, which lacked multi-factor authentication.
The attackers stole 6 TB of data and encrypted computers, disrupting healthcare services nationwide. Doctors and pharmacies faced significant challenges in filing claims and processing prescriptions.
Financial Fallout from Change Healthcare Cyber Attack
UnitedHealth confirmed paying a ransom, reportedly $22 million, to obtain a decryptor and prevent data release. However, the BlackCat group unexpectedly shut down in an exit scam, keeping the ransom.
The attackers then partnered with RansomHub, leaking some data and demanding further payment. The RansomHub entry later disappeared, suggesting a second ransom payment.
The Change Healthcare Cyber Attack also resulted in significant financial losses: UnitedHealth reported $872 million in losses in April 2024, escalating to an expected $2.45 billion by September 30, 2024.