UnitedHealth has revealed that 190 million Individuals had their private and healthcare information stolen within the Change Healthcare ransomware assault, practically doubling the beforehand disclosed determine.
In October, UnitedHealth reported to the US Division of Well being and Human Companies Workplace for Civil Rights that the assault affected 100 million folks. Nonetheless, as first reported by TechCrunch, UnitedHealth confirmed on Friday that the determine has practically doubled to 190 million.
“Change Healthcare has decided the estimated whole variety of people impacted by the Change Healthcare cyberattack is roughly 190 million,” UnitedHealth Group advised TechCrunch.
“The overwhelming majority of these folks have already been offered particular person or substitute discover. The ultimate quantity will likely be confirmed and filed with the Workplace for Civil Rights at a later date.”
Whereas UnitedHealth says that there aren’t any indications that the risk actors have misused the stolen information, the sheer amount of delicate info stolen within the assault is huge.
This stolen information consists of sufferers’ medical insurance info, medical information, billing and cost info, and delicate private info, similar to telephone numbers, addresses, and, in some instances, Social Safety Numbers and authorities ID numbers.
The ransomware assault on UnitedHealth’s subsidiary, Change Healthcare, is the biggest healthcare data breach in US historical past.
The Change Healthcare ransomware assault
In February 2024, UnitedHealth subsidiary Change Healthcare suffered a large ransomware assault, resulting in widespread disruption to america healthcare system.
This disruption prevented docs and pharmacies from submitting claims and pharmacies from accepting low cost prescription playing cards, inflicting sufferers to pay full worth for drugs.
It was later discovered that the BlackCat ransomware gang, aka ALPHV, was behind the assault. The risk actors used stolen credentials to breach the corporate’s Citrix distant entry service, which didn’t have multi-factor authentication enabled.
After breaching the community, the risk actors stole 6 TB of knowledge and encrypted computer systems, inflicting the corporate to close down IT methods and its on-line platforms for billing, claims, and prescription achievement.
The UnitedHealth Group later confirmed it paid a ransom to obtain a decryptor and to forestall the risk actors from publicly releasing the stolen information. This ransom cost was allegedly $22 million, in accordance with the BlackCat ransomware affiliate who carried out the assault.
This ransom cost was imagined to be cut up between the affiliate and the ransomware operators, however the BlackCat instantly shut down in an exit rip-off, stealing all the cost for themselves.
That is the place it bought worse for UnitedHealth, because the risk actor behind the assault acknowledged that they didn’t delete the stolen information as promised.
The attacker then partnered with a brand new ransomware operation named RansomHub and started leaking a number of the stolen information, demanding a further cost for the info to not be launched.
A number of days later, the Change Healthcare entry on RansomHub’s information leak web site mysteriously disappeared, indicating that United Well being probably paid a second ransom demand.
UnitedHealth mentioned in April that the Change Healthcare ransomware assault triggered $872 million in losses, which elevated as a part of the Q3 2024 earnings to an anticipated $2.45 billion for the 9 months to September 30, 2024,
