Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
UnitedHealth has confirmed a ransomware attack on its Change Healthcare unit last February affected an estimated 190 million Americans – nearly double the previous estimate.
The US insurance giant confirmed the latest number to TechCrunch on Friday after the markets closed.
“Change Healthcare has determined that the number of people affected by the Change Healthcare cyberattack is approximately 190 million,” said Tyler Mason, a UnitedHealth Group spokesperson in an email to TechCrunch. “Many of these people have already been given personal or substitute information. The final number will be confirmed and submitted to the Office for Civil Rights at a later date.”
A UnitedHealth spokesperson said the company “is not aware of any misuse of personal information as a result of this incident and has not seen the medical records exposed in the investigation.”
The February 2024 Cyberattack was the largest breach of medical information in US history and resulted in months of disruption to US medical services. Change Healthcare, a healthcare technology giant and subsidiary of UnitedHealth, is one of the leading providers of health care, medical information, and patient records; it is also one of the largest producers of medical claims in the United States.
A data breach resulted theft of health and insurance informationsome of them were published on the Internet by hackers who claimed to be the perpetrators of the violations. Change Healthcare was subsequently paid at least two to prevent further transmission about the stolen files.
UnitedHealth already enter the number of people affected about 100 million people when the company submitted its findings to the Office for Civil Rights, a division under the US Department of Health and Human Services that investigates data breaches.
In its data breach notification, Change Healthcare said the attackers stole names and addresses, dates of birth, phone numbers, email addresses, and government identification including Social Security numbers, driver’s license numbers and passports. The stolen health data includes diagnoses, medications, test results, imaging, care and treatment, and health insurance information. Change said the data also includes financial and banking information found in patient complaints.
The violation was due to the ALPHV ransomware groupRussian-language Internet crime syndicate. According to UnitedHealth Group CEO Andrew Witty’s testimony to lawmakers last year, hackers breached Change’s systems by using stolen credentials. not protected by multi-factor authentication.
