United Health confirms largest ever US healthcare data breach, says 100 million users had info stolen

Change Healthcare ransomware breach is every bit as damaging as we thought

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

The number of people affected by the Change Healthcareransomwareattack earlier in 2024 is now thought to have affected around 100 million people, new reports have confirmed.

Theattack on Change Healthcare took place in February 2024, and is now thought to be the most disruptive ransomware attacks ever to strike the US healthcare industry after the US Department of Health and Human Services Office for Civil Rights updated the number on its data breach portal to 100 million.

“On October 22, 2024, Change Healthcare notified OCR that approximately 100 million individual notices have been sent regarding this breach,” the Office for Civil Rights stated on its FAQ page.

Reader Offer: Save up to 68% on Aura identity theft protectionTechRadar editors praise Aura’s upfront pricing and simplicity. Aura also includes a password manager, VPN, and antivirus to make its security solution an even more compelling deal.

Preferred partner (What does this mean?)

Major breach

The attack saw an affiliate of the dreaded ALPHV ransomware organization (AKA BlackCat) breach Change Healthcare to steal 6TB of sensitive customer data.

The information stolen included health insurance information (health plans and policies, insurance companies, different ID numbers, Medicaid-Medicare-government payor ID numbers), health information (medical record numbers, diagnoses, tests and results, care and treatment data, medicines), billing, claims, and payment information (claim numbers, account numbers, payment cards, financial and banking information, and more), and other personally identifiable information (Social Security Numbers, driver’s license numbers, and more).

Change Healthcare ended up paying $22 million in ransom in exchange for the data. The money never made it to the affiliates responsible for the attack, and was instead grabbed by the ransomware’s operators (who were only to receive a portion of the payment), which later shut down its infrastructure and disappeared, leaving the affiliate holding the data.

That affiliate later started their own ransomware operation and are today known as RansomHub - and since RansomHub never posted the stolen data, many speculate that a second ransom may have been paid.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

The cyberattack sent ripples throughout the healthcare system, preventing doctors and pharmacies from filing claims, and preventing pharmacies from accepting discount cards.

ViaBleepingComputer

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Rising AI threats are making firms turn back to human intelligence

Thousands of employees could be falling victim to obvious phishing scams every month

Alien: Romulus gets a Hulu release date but there’s still no word on when it’s coming to Disney Plus