UnitedHealth has revealed that 190 million Individuals had their private and healthcare knowledge stolen within the Change Healthcare ransomware assault, practically doubling the beforehand disclosed determine.
In October, UnitedHealth reported to the US Division of Well being and Human Providers Workplace for Civil Rights that the assault affected 100 million folks. Nonetheless, as first reported by TechCrunch, UnitedHealth confirmed on Friday that the determine has practically doubled to 190 million.
“Change Healthcare has decided the estimated complete variety of people impacted by the Change Healthcare cyberattack is roughly 190 million,” UnitedHealth Group informed TechCrunch.
“The overwhelming majority of these folks have already been offered particular person or substitute discover. The ultimate quantity will probably be confirmed and filed with the Workplace for Civil Rights at a later date.”
Whereas UnitedHealth says that there are not any indications that the menace actors have misused the stolen knowledge, the sheer amount of delicate info stolen within the assault is huge.
This stolen knowledge consists of sufferers’ medical insurance info, medical information, billing and cost info, and delicate private info, comparable to cellphone numbers, addresses, and, in some instances, Social Safety Numbers and authorities ID numbers.
The ransomware assault on UnitedHealth’s subsidiary, Change Healthcare, is the most important healthcare knowledge breach in US historical past.
The Change Healthcare ransomware assault
In February 2024, UnitedHealth subsidiary Change Healthcare suffered an enormous ransomware assault, resulting in widespread disruption to the US healthcare system.
This disruption prevented docs and pharmacies from submitting claims and pharmacies from accepting low cost prescription playing cards, inflicting sufferers to pay full value for drugs.
It was later realized that the BlackCat ransomware gang, aka ALPHV, was behind the assault. The menace actors used stolen credentials to breach the corporate’s Citrix distant entry service, which didn’t have multi-factor authentication enabled.
After breaching the community, the menace actors stole 6 TB of knowledge and encrypted computer systems, inflicting the corporate to close down IT programs and its on-line platforms for billing, claims, and prescription success.
The UnitedHealth Group later confirmed it paid a ransom to obtain a decryptor and to stop the menace actors from publicly releasing the stolen knowledge. This ransom cost was allegedly $22 million, in accordance with the BlackCat ransomware affiliate who carried out the assault.
This ransom cost was speculated to be cut up between the affiliate and the ransomware operators, however the BlackCat all of the sudden shut down in an exit rip-off, stealing your entire cost for themselves.
That is the place it obtained worse for UnitedHealth, because the menace actor behind the assault acknowledged that they didn’t delete the stolen knowledge as promised.
The attacker then partnered with a brand new ransomware operation named RansomHub and started leaking a number of the stolen knowledge, demanding a further cost for the info to not be launched.
A number of days later, the Change Healthcare entry on RansomHub’s knowledge leak web site mysteriously disappeared, indicating that United Well being probably paid a second ransom demand.
UnitedHealth stated in April that the Change Healthcare ransomware assault triggered $872 million in losses, which elevated as a part of the Q3 2024 earnings to an anticipated $2.45 billion for the 9 months to September 30, 2024,
