A massive data breach at Change Healthcare exposes the personal and medical information of millions of Americans.
 |
| Hackers linked to AlphV/BlackCat ransomware group target UnitedHealth’s Change Healthcare, disrupting the healthcare system. Image/ Illustration: ChicHue |
Minnetonka, Minnesota, USA — January 27, 2025:
Around 190 million Americans may have been impacted by a cyberattack on Change Healthcare, a subsidiary of UnitedHealth. The breach, which disrupted the company’s IT systems, exposed sensitive personal and medical data, reads a Blavity report.
“Change Healthcare has estimated that about 190 million individuals were affected by this cyberattack,” said Tyler Mason, a spokesperson for UnitedHealth Group, in a statement to TechCrunch. “The majority of those affected have already been notified directly or through substitute means. The final number will be confirmed and reported to the Office for Civil Rights at a later date.”
The breach involved the exposure of names, physical addresses, birth dates, Social Security numbers, driver’s license numbers, passport numbers, as well as sensitive medical and financial information. However, it remains unclear if any personal data has been misused. According to PCMag, Mason stated he was “not aware” of any misuse of the affected information, and confirmed that “electronic medical records have not been found in the exposed data.”
The ransomware group AlphV/BlackCat, a Russian-speaking collective, has been linked to the attack, which may cost UnitedHealth as much as $2 billion. The breach, which took place in February 2024, is now considered the largest medical data breach in U.S. history. It caused significant disruptions in the healthcare system, with some outages lasting for months.
Change Healthcare, which manages healthcare claims and medical records for millions of patients, confirmed that it paid two ransoms to prevent the hackers from releasing the stolen data. This underscores the company’s critical role in the U.S. healthcare system.
The breach has exposed significant vulnerabilities within healthcare IT infrastructure, raising concerns about cybersecurity across the industry. While investigations continue, the long-term impact on patients and healthcare providers remains unclear.