Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

United Health confirms largest ever US healthcare data breach, says 100 million users had info stolen

ID theft.

The number of people affected by the Change Healthcare ransomware attack earlier in 2024 is now thought to have affected around 100 million people, new reports have confirmed.

The attack on Change Healthcare took place in February 2024, and is now thought to be the most disruptive ransomware attacks ever to strike the US healthcare industry after the US Department of Health and Human Services Office for Civil Rights updated the number on its data breach portal to 100 million.

"On October 22, 2024, Change Healthcare notified OCR that approximately 100 million individual notices have been sent regarding this breach," the Office for Civil Rights stated on its FAQ page.

Snowflake and MFA

The attack saw an affiliate of the dreaded ALPHV ransomware organization (AKA BlackCat) breach Change Healthcare to steal 6TB of sensitive customer data.

The information stolen included health insurance information (health plans and policies, insurance companies, different ID numbers, Medicaid-Medicare-government payor ID numbers), health information (medical record numbers, diagnoses, tests and results, care and treatment data, medicines), billing, claims, and payment information (claim numbers, account numbers, payment cards, financial and banking information, and more), and other personally identifiable information (Social Security Numbers, driver’s license numbers, and more).

Change Healthcare ended up paying $22 million in ransom in exchange for the data. The money never made it to the affiliates responsible for the attack, and was instead grabbed by the ransomware’s operators (who were only to receive a portion of the payment), which later shut down its infrastructure and disappeared, leaving the affiliate holding the data.

That affiliate later started their own ransomware operation and are today known as RansomHub - and since RansomHub never posted the stolen data, many speculate that a second ransom may have been paid.

The cyberattack sent ripples throughout the healthcare system, preventing doctors and pharmacies from filing claims, and preventing pharmacies from accepting discount cards.

Via BleepingComputer

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.