Change Healthcare hack affects over 100M, largest-ever US healthcare data breach

A ransomware attack on Change Healthcare in February 2024 has resulted in the theft of private health information from over 100 million individuals, marking it as the largest healthcare data breach in U.S. history. UnitedHealth Group (UHG), which owns Change Healthcare, confirmed the scale of the breach after previously indicating it would affect a substantial number of Americans. The stolen data includes personal information such as names, addresses, Social Security numbers, and detailed health records. The attack caused significant disruptions across the U.S. healthcare sector, as Change Healthcare is a major processor of medical data and billing. The cybercriminal group ALPHV/BlackCat has been identified as responsible for the breach, having exploited a lack of multi-factor authentication to gain access to UHG's systems. Following the attack, UHG paid a ransom of $22 million to retrieve a copy of the stolen data, which has allowed them to notify affected individuals. The breach has raised concerns about cybersecurity practices within large healthcare organizations, especially given UHG's substantial revenue and the sensitive nature of the data it handles. Investigations into the breach and UHG's practices are ongoing, with lawmakers scrutinizing the company's cybersecurity measures and the implications of its data handling.

- Over 100 million individuals affected by the Change Healthcare data breach.

- The breach is the largest known healthcare data theft in U.S. history.

- ALPHV/BlackCat ransomware group exploited weak security measures to access data.

- UHG paid a $22 million ransom to retrieve stolen data.

- Ongoing investigations into UHG's cybersecurity practices and data handling.