UnitedHealth Group has revealed that the variety of people impacted by the Change Healthcare data breach ensuing from a February 2024 ransomware assault is roughly 190 million.
The healthcare know-how large beforehand reported that the incident impacted roughly 100 million folks, making it the most important healthcare data breach of 2024 by far. Now, the corporate estimates that 190 million people have really been impacted by the cyberattack.
“The overwhelming majority of these folks have already been supplied particular person or substitute discover,” UnitedHealth instructed information.killnetswitch in an emailed assertion.
“Change Healthcare isn’t conscious of any misuse of people’ data on account of this incident and has not seen digital medical file databases seem within the information in the course of the evaluation. Assist sources and data can be found at changecybersupport.com,” the corporate added.
The security breach occurred in February, when, in accordance with UnitedHealth, cybercriminals used compromised credentials to enter a distant entry portal that was not protected by multi-factor authentication.
The attackers, associates of the Alphv/BlackCat ransomware group, had entry to the healthcare group’s techniques for 9 days — on this time-frame they moved laterally and exfiltrated delicate affected person information — earlier than deploying file-encrypting malware.
UnitedHealth paid a $22 million ransom to stop an information leak, however the BlackCat group pulled an exit rip-off to keep away from sharing the ransom with the affiliate that carried out the assault.
This led to a different main ransomware group, RansomHub, making an attempt to extort the healthcare large in April and publishing a number of the stolen information.
In keeping with the latest estimates made by Change Healthcare, the cyberattack had been anticipated to trigger losses totaling practically $2.9 billion. That quantity could improve in gentle of the brand new revelations.
Previous to Change Healthcare’s new influence estimation, the US Division of Well being and Human Companies’ Workplace for Civil Rights acquired details about greater than 700 healthcare data breaches impacting roughly 186 million person information. Nonetheless, with this new estimate, the full variety of impacted information exceeds 275 million.
Change Healthcare instructed information.killnetswitch that “the ultimate quantity can be confirmed and filed with the Workplace for Civil Rights at a later date”.
