UnitedHealth has confirmed the ransomware assault on its Change Healthcare unit final February affected round 190 million folks in America — practically double earlier estimates.
The U.S. medical insurance big confirmed the most recent quantity to information.killnetswitch on Friday after the markets closed.
“Change Healthcare has decided the estimated complete variety of people impacted by the Change Healthcare cyberattack is roughly 190 million,” stated Tyler Mason, a spokesperson for UnitedHealth Group in an e-mail to information.killnetswitch. “The overwhelming majority of these folks have already been supplied particular person or substitute discover. The ultimate quantity will probably be confirmed and filed with the Workplace for Civil Rights at a later date.”
UnitedHealth’s spokesperson stated the corporate was “not conscious of any misuse of people’ data on account of this incident and has not seen digital medical document databases seem within the information throughout the evaluation.”
The February 2024 cyberattack is the most important breach of medical information in U.S. historical past and precipitated months of outages throughout the U.S. healthcare system. Change Healthcare, a well being tech big and UnitedHealth subsidiary, is without doubt one of the largest handlers of well being, medical information, and affected person data; it’s additionally one of many largest processors of healthcare claims in america.
The data breach resulted within the theft of large portions of well being and insurance-related data, a few of which was revealed on-line by the hackers who claimed duty for the breach. Change Healthcare subsequently paid at the very least two ransoms to stop additional publication of the stolen recordsdata.
UnitedHealth beforehand put the variety of affected people at round 100 million folks when the corporate filed its preliminary evaluation with the Workplace for Civil Rights, the unit underneath the U.S. Division of Well being and Human Providers that investigates data breaches.
In its data breach discover, Change Healthcare stated that the cybercriminals stole names and addresses, dates of start, cellphone numbers, e-mail addresses, and authorities identification paperwork, which included Social Safety numbers, driver’s license numbers, and passport numbers. The stolen well being information additionally contains diagnoses, drugs, take a look at outcomes, imaging, and care and therapy plans, in addition to medical insurance data. Change stated the information additionally contains monetary and banking data present in affected person claims.
The breach was attributed to the ALPHV ransomware gang, a prolific Russian language cybercrime group. In line with testimony by UnitedHealth Group’s CEO Andrew Witty to lawmakers final yr, the hackers broke into Change’s methods utilizing a stolen account credential, which was not protected with multi-factor authentication.
