United Health confirms largest ever US healthcare data breach, says 100 million users had info stolen
Change Healthcare ransomware breach is every bit as damaging as we thought
The number of people affected by the Change Healthcare ransomware attack earlier in 2024 is now thought to have affected around 100 million people, new reports have confirmed.
The attack on Change Healthcare took place in February 2024, and is now thought to be the most disruptive ransomware attacks ever to strike the US healthcare industry after the US Department of Health and Human Services Office for Civil Rights updated the number on its data breach portal to 100 million.
"On October 22, 2024, Change Healthcare notified OCR that approximately 100 million individual notices have been sent regarding this breach," the Office for Civil Rights stated on its FAQ page.
Reader Offer: Save up to 68% on Aura identity theft protection
TechRadar editors praise Aura's upfront pricing and simplicity. Aura also includes a password manager, VPN, and antivirus to make its security solution an even more compelling deal.
Preferred partner (What does this mean?)
Major breach
The attack saw an affiliate of the dreaded ALPHV ransomware organization (AKA BlackCat) breach Change Healthcare to steal 6TB of sensitive customer data.
The information stolen included health insurance information (health plans and policies, insurance companies, different ID numbers, Medicaid-Medicare-government payor ID numbers), health information (medical record numbers, diagnoses, tests and results, care and treatment data, medicines), billing, claims, and payment information (claim numbers, account numbers, payment cards, financial and banking information, and more), and other personally identifiable information (Social Security Numbers, driver’s license numbers, and more).
Change Healthcare ended up paying $22 million in ransom in exchange for the data. The money never made it to the affiliates responsible for the attack, and was instead grabbed by the ransomware’s operators (who were only to receive a portion of the payment), which later shut down its infrastructure and disappeared, leaving the affiliate holding the data.
That affiliate later started their own ransomware operation and are today known as RansomHub - and since RansomHub never posted the stolen data, many speculate that a second ransom may have been paid.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
The cyberattack sent ripples throughout the healthcare system, preventing doctors and pharmacies from filing claims, and preventing pharmacies from accepting discount cards.
Via BleepingComputer
More from TechRadar Pro
- Yet another hacker group demands ransom from Change Healthcare
- Here's a list of the best firewalls today
- These are the best endpoint protection tools right now
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.