100 million people hit in largest healthcare data breach in history — medical info, SSNs and more

[Pelican Press 0]

This is the hidden content, please

• Sign In
• or
• Sign Up

100 million people hit in largest healthcare data breach in history — medical info, SSNs and more

When you buy through links on our articles, Future and its syndication partners may earn a commission.

data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///ywAAAAAAQABAAACAUwAOw==

Credit: Shutterstock

More than 100 million people had their personal information and healthcare data stolen in the massive UnitedHealth ransomware ******* earlier this year, making it the largest healthcare data breach in the country.

After completing its investigation into February’s data breach,

This is the hidden content, please

• Sign In
• or
• Sign Up

that roughly a third of all Americans’ health data was exposed in the *******. The findings confirm

This is the hidden content, please

• Sign In
• or
• Sign Up

that the ******* exposed sensitive data for a “substantial proportion of people in America.”

In February, the ransomware hacking group ALPHV, also known as “BlackCat,” launched a cyberattack on UnitedHealth subsidiary Change Healthcare, causing months of unprecedented outages and disruptions in claims processing across the U.S. healthcare sector. Change Healthcare is one of the largest health payment processing companies in the world and works with leading insurance companies like Aetna, Anthem, Blue Cross Blue Shield, and Cigna.

“On October 22, 2024, Change Healthcare notified [the HHS’s Office for Civil Rights] that approximately 100 million individual notices have been sent regarding this breach,” reads an

This is the hidden content, please

• Sign In
• or
• Sign Up

.

According to public notices the company pushed out in June, the stolen data includes: billing, claims, and payment information; medical information such as diagnoses, test results, and medical record numbers; health insurance information such as member/group ID numbers; and personal information such as Social Security numbers and driver’s licenses or state ID numbers.

UnitedHealth first reported the breach on February 21. Change Healthcare pushed out a data breach notification warning to users the next month. In June, the company issued a public notice as part of its requirement to notify the estimated one-third of the country impacted by the ransomware *******. The federal investigation is still in its final stages, UnitedHealth said in a statement, and the company will continue notifying potentially impacted individuals as quickly as possible.

In a May congressional hearing, UnitedHealth

This is the hidden content, please

• Sign In
• or
• Sign Up

that the hacker group used stolen employee login credentials to breach the company’s Citrix remote access service. Crucially, the Citrix profile did not have

This is the hidden content, please

• Sign In
• or
• Sign Up

turned on, which opened the gates for hackers to remotely access the company’s network. Witty told lawmakers that the company has since updated its internal policies to mandate MFA following the cyberattack. UnitedHealth confirmed to Congress it paid the $22 million ransom demand to receive a decryptor under the agreement that the hackers delete the stolen data, but the data deletion never occurred. After receiving the payment,

This is the hidden content, please

• Sign In
• or
• Sign Up

.

More from Tom’s Guide

This is the hidden content, please

• Sign In
• or
• Sign Up

#million #people #hit #largest #healthcare #data #breach #history #medical #info #SSNs

This is the hidden content, please

• Sign In
• or
• Sign Up

This is the hidden content, please

• Sign In
• or
• Sign Up