UnitedHealth has confirmed the ransomware assault on its Change Healthcare unit final February affected round 190 million folks in America — almost double earlier estimates.
The U.S. medical insurance large confirmed the most recent quantity to TechCrunch on Friday after the markets closed.
“Change Healthcare has decided the estimated whole variety of people impacted by the Change Healthcare cyberattack is roughly 190 million,” stated Tyler Mason, a spokesperson for UnitedHealth Group in an electronic mail to TechCrunch. “The overwhelming majority of these folks have already been offered particular person or substitute discover. The ultimate quantity shall be confirmed and filed with the Workplace for Civil Rights at a later date.”
UnitedHealth’s spokesperson stated the corporate was “not conscious of any misuse of people’ data on account of this incident and has not seen digital medical file databases seem within the information through the evaluation.”
The February 2024 cyberattack is the biggest breach of medical information in U.S. historical past and prompted months of outages throughout the U.S. healthcare system. Change Healthcare, a healthtech large and UnitedHealth subsidiary, is without doubt one of the largest handlers of well being, medical information, and affected person data; it’s additionally one of many largest processors of healthcare claims in america.
The information breach resulted in the theft of large portions of well being and insurance-related data, a few of which was revealed on-line by the hackers who claimed duty for the breach. Change Healthcare subsequently paid no less than two ransoms to forestall additional publication of the stolen information.
UnitedHealth beforehand put the variety of affected people at round 100 million folks when the corporate filed its preliminary evaluation with the Workplace for Civil Rights, the unit below the U.S. Division of Well being and Human Companies that investigates information breaches.
In its information breach discover, Change Healthcare stated that the cybercriminals stole names and addresses, dates of delivery, telephone numbers and electronic mail addresses, and authorities identification paperwork, which included Social Safety numbers, driver’s license numbers, and passport numbers. The stolen well being information additionally contains diagnoses, medicines, take a look at outcomes, imaging and care and therapy plans, and medical insurance data. Change stated the information additionally contains monetary and banking data present in affected person claims.
The breach was attributed to the ALPHV ransomware gang, a prolific Russian language cybercrime group. In keeping with testimony by UnitedHealth Group’s CEO Andrew Witty to lawmakers final yr, the hackers broke into Change’s methods utilizing a stolen account credential, which was not protected with multi-factor authentication.
