UnitedHealth Group confirmed that the February 2024 ransomware attack on Change Healthcare impacted approximately 190 million individuals in the US, making it the largest medical data breach in the nation’s history.
UnitedHealth Group confirmed that its Change Healthcare unit suffered a massive ransomware attack in February 2024, affecting around 190 million people, nearly double the initial estimate of 100 million. The breach exposed individuals’ protected health information (PHI) and personal data, including Social Security numbers, medical diagnoses, treatments, and financial information.
Hackers infiltrated Change Healthcare’s systems using stolen credentials that were not protected by multi-factor authentication. The attack, attributed to the ALPHV ransomware gang, led to months of system outages across the U.S. healthcare sector. UnitedHealth reportedly paid at least two ransoms to prevent further data publication, although some information was leaked online.
Despite the scale of the data breach, UnitedHealth stated there is no evidence of misuse of the stolen data or its inclusion in electronic medical record databases.
The breach shut down over 100 critical healthcare applications spanning pharmacy, medical records, and payment systems, disrupting claims processing and delaying care.
UnitedHealth quickly mobilized resources to restore systems like electronic prescribing, claims submissions, and payment services. Funding support programs were launched to assist affected providers, while real-time updates were issued to manage the crisis.
According to the UnitedHealth Form 8-K filed on February 22, 2024, with the Securities and Exchange Commission (SEC), “On February 21, 2024, UnitedHealth Group identified a suspected nation-state associated cyber security threat actor had gained access to some of the Change Healthcare information technology systems.”
The healthcare industry handles some of the most sensitive personal information, making it a major target for ransomware gangs.
The magnitude of the Change Healthcare attack calls for stricter federal regulations, better enforcement of HIPAA Rules, and increased investment in modern cybersecurity technologies, like zero-trust frameworks and multi-factor authentication.
Beyond the immediate impact on patients, this breach sets a dangerous precedent for how health information can be exploited in the future if cybersecurity remains under-prioritized.
Additionally, with 190 million Americans affected, this incident raises questions about healthcare organizations’ accountability and whether consumers have enough legal protections to hold companies accountable when their data is compromised.
Ransomware is malicious software that encrypts a victim's data, with attackers demanding payment to restore access or prevent data leaks.
Affected individuals must monitor their financial accounts, change passwords, and use the identity theft protection services offered by Change Healthcare.
Healthcare organizations can adopt measures like multi-factor authentication, regular audits, employee training, and advanced encryption methods to protect patient data.