UnitedHealth Data Breach Affects 190 Million Americans in Largest Healthcare Cyberattack of 2024
The Stolen Data
The breach exposed an unprecedented volume of sensitive information, including:
- Health insurance details
- Medical records
- Billing and payment data
- Personal information, such as phone numbers, addresses, Social Security Numbers, and government ID numbers
This breach now ranks as the largest healthcare data breach in U.S. history.
Details of the Change Healthcare Ransomware Attack
In February 2024, Change Healthcare, a UnitedHealth subsidiary, suffered a ransomware attack that disrupted the U.S. healthcare system on a massive scale.
Key Attack Details:
- Threat Actors: The BlackCat ransomware gang (also known as ALPHV) was identified as the perpetrator.
- Initial Access: The attackers exploited stolen credentials to access the company’s Citrix remote access service, which lacked multi-factor authentication.
- Data Theft and Encryption:
  - 6 TB of data stolen
  - Systems for billing, claims, and prescription fulfillment were encrypted.
This attack caused significant disruptions, including:
- Doctors and pharmacies unable to file claims
- Patients forced to pay full price for prescriptions as discount cards were unusable
[Image: ALPHV affiliate claiming they were scammed by BlackCat. Source: Dmitry Smilyanets]
Ransom Payments and Fallout
Initial Ransom Payment
UnitedHealth confirmed paying a ransom to BlackCat to:
- Receive a decryptor
- Prevent public release of the stolen data
The ransom was reportedly $22 million.
Double Extortion and Scams
- The affiliate behind the attack claimed BlackCat ran an exit scam, keeping the entire ransom.
- The attacker later partnered with a new ransomware group, RansomHub, and began leaking stolen data to demand additional payments.
- After some data was leaked, the RansomHub entry disappeared, suggesting UnitedHealth may have paid a second ransom.
Financial and Operational Impact
UnitedHealth initially estimated that the breach caused $872 million in losses; by Q3 2024, the figure had risen to an expected $2.45 billion in losses for the nine months ending September 30, 2024.
Source: bleepingcomputer.com