Written by : Dr. Aishwarya Sarthe
January 26, 2025
The breach, which occurred last year, involved the "Blackcat" ransomware group, according to a statement from the health conglomerate.
UnitedHealth Group has disclosed that a cyberattack on its tech division, Change Healthcare, has impacted the personal data of 190 million individuals, making it the largest healthcare data breach in U.S. history. The breach, which occurred last year, involved the "Blackcat" ransomware group, according to a statement from the health conglomerate.
The attack primarily targeted sensitive health information, including health insurance member IDs, patient diagnoses, treatment details, social security numbers, and billing codes used by healthcare providers. While the full extent of the breach is still being assessed, UnitedHealth confirmed that the final number of affected individuals will be officially filed with the U.S. Department of Health and Human Services’ office for civil rights at a later date.
The cyberattack disrupted claims processing systems, which in turn affected both patients and healthcare providers across the United States. The breach was particularly impactful as it occurred in a critical area of the healthcare system, causing widespread delays in processing medical claims and services.
Despite the large-scale exposure, Change Healthcare stated that it has not seen any misuse of the compromised data. In an official statement, the company reassured those affected, saying, “Change Healthcare is not aware of any misuse of individuals' information as a result of this incident and has not seen electronic medical record databases appear in the data during the analysis.”
As part of the recovery process, Change Healthcare sent notices to the majority of those impacted by the breach in compliance with the Health Insurance Portability and Accountability Act (HIPAA). The company also issued a public notice about the ransomware attack in June 2024, following HIPAA regulations.
Change Healthcare, which handles a significant portion of claims processing for the U.S. healthcare system, continues to assess the full scope of the cyberattack. The company has committed to working with authorities to determine the extent of the breach and improve its security measures moving forward.
Although the breach is one of the most significant in healthcare, both UnitedHealth and Change Healthcare have stressed that the investigation is ongoing, with more updates to follow. The final report will clarify the total number of individuals impacted and the exact nature of the exposed data.