Change Healthcare attack led to the theft of millions of people's data

October 30, 2024

UnitedHealth recently disclosed that the ransomware attack on Change Healthcare resulted in the theft of personal information and healthcare data belonging to over 100 million people.

During a congressional hearing earlier this year, the UnitedHealth CEO warned that the hack might have leaked one-third of all American healthcare data. This warning prompted the affected entity to issue a data breach notification, saying that the ransomware attack it suffered exposed a significant amount of data for many Americans.

However, a recent report on a data breach portal revised the overall number of impacted people to 100 million. The new report lists UnitedHealth as a compromised entity, since it is Change Healthcare's parent company, and an official number has been assigned to the incident.

Change Healthcare issued a data breach alert detailing the information compromised in the February ransomware attack.

The Change Healthcare data breach report lists various kinds of sensitive data whose exposure might severely impact the people it belongs to. As of now, the alert covers data such as health insurance information, government payor ID numbers, health information, billing, and claims.

The stolen data also included payment information, such as claim numbers, account numbers, billing codes, payment cards, financial and banking information, payments made, and balances due.

In addition to the confirmed stolen data, the ransomware attack also impacted other personal information, including Social Security numbers, driver's licenses, state ID numbers, and passport numbers.

The information may vary for each individual, and the alert did not disclose everyone's medical history. The data breach stemmed from a February ransomware attack on UnitedHealth subsidiary Change Healthcare, which resulted in severe outages throughout the US healthcare system.

The disruption to the company's IT systems prevented doctors and pharmacists from filing claims and pharmacies from accepting discount prescription cards. As a result, patients were forced to pay the full price for their drugs.

The BlackCat ransomware group allegedly carried out the attack after using stolen credentials to gain access to the company's Citrix remote access service. During the incident, the attackers took 6 TB of data and eventually encrypted machines on the network, forcing the organisation to shut down its IT infrastructure to isolate the attack.
