The healthcare industry faces an unprecedented crisis as Change Healthcare, a UnitedHealth subsidiary, confirms that a massive data breach has compromised the personal information of approximately 190 million Americans. This breach, attributed to the ALPHV ransomware gang—a notorious Russian-speaking cybercrime group—marks the largest breach of medical data in U.S. history. The attack, facilitated through a stolen account credential lacking multi-factor authentication, wreaked havoc across the U.S. healthcare system, causing months of outages.
Change Healthcare, a healthtech giant, is renowned for handling vast amounts of health and medical data, making it one of the largest processors of healthcare claims in the United States. The breach occurred when hackers infiltrated Change's systems using a stolen account credential. The stolen data includes sensitive information such as names, addresses, dates of birth, phone numbers, email addresses, and government identity documents like Social Security numbers, driver's license numbers, and passport numbers.
UnitedHealth acknowledged the breach through various channels. A spokesperson for the company stated that they were "aware" of the incident. UnitedHealth's CEO, Andrew Witty, confirmed the breach to lawmakers last year. Despite initial estimates suggesting that around 100 million individuals were affected, the final count revealed by Tyler Mason, a spokesperson for UnitedHealth Group, confirmed that approximately 190 million individuals were impacted.
“Change Healthcare has determined the estimated total number of individuals impacted by the Change Healthcare cyberattack is approximately 190 million,” – Tyler Mason, a spokesperson for UnitedHealth Group
In response to the breach, Change Healthcare reportedly paid at least two ransoms to prevent further publication of the stolen files. These payments highlight the severity and urgency with which the company addressed the situation. However, the repercussions of this breach have been significant, causing widespread disruptions across the healthcare sector.
“The vast majority of those people have already been provided individual or substitute notice. The final number will be confirmed and filed with the Office for Civil Rights at a later date.” – Tyler Mason, a spokesperson for UnitedHealth Group
The breach has been reported to the Office for Civil Rights under the U.S. Department of Health and Human Services, which investigates such incidents. As Change Healthcare and UnitedHealth work to mitigate the damage and strengthen their security measures, this breach serves as a stark reminder of the critical need for robust cybersecurity protocols in protecting sensitive health information.
Leave a Reply