UnitedHealth’s Data Breach Affected 100 Million Americans. Here’s What the Cyberattack Exposed.
It’s the largest healthcare data breach to date.
Key Takeaways
- UnitedHealth Group estimates that 100 million Americans were affected by a February cyberattack, as of a new filing.
- The cyberattack exposed sensitive information, including health records and personally identifiable information like Social Security numbers.
- Research conducted by the nonprofit Identity Theft Resource Center shows a rise in data breaches in the U.S.
In February, Change Healthcare, a tech company owned by UnitedHealth Group (UHG), underwent that involved paying a $22 million ransom to resolve.
On Thursday, UHG quantified the number of people affected by the attack for the first time, eight months after the breach happened. A in the U.S. Department of Health and Human Services portal on Thursday shows that one-third of the U.S. population, or about , had their data stolen during the breach.
The cyberattack sensitive health records, like medical diagnoses, test results, medications, and health plans, as well as Social Security numbers and other personally identifiable information.
Related: UnitedHealth Paid Ransom to Cyberhackers After Patients’ Personal Data Was Compromised
The scope of the attack makes it the largest healthcare data breach ever, surpassing an Anthem incident in 2015 that affected .
According to a testimony given by UHG CEO Andrew Witty before , the data breach happened when “criminals used compromised credentials” to get into a Change healthcare portal that did not have multi-factor authentication enabled. Change handles payment processing for medical claims per year or about 40% of all claims; UHG it in late 2022.
The cyberattack disrupted daily life — some medical providers, hospitals, and pharmacies were unable to and for after it happened.
The U.S. is experiencing an in data breaches. The nonprofit Identity Theft Resource Center says there has been a in incidents from 2021 to 2023.
Key Takeaways
- UnitedHealth Group estimates that 100 million Americans were affected by a February cyberattack, as of a new filing.
- The cyberattack exposed sensitive information, including health records and personally identifiable information like Social Security numbers.
- Research conducted by the nonprofit Identity Theft Resource Center shows a rise in data breaches in the U.S.
In February, Change Healthcare, a tech company owned by UnitedHealth Group (UHG), underwent that involved paying a $22 million ransom to resolve.
On Thursday, UHG quantified the number of people affected by the attack for the first time, eight months after the breach happened. A in the U.S. Department of Health and Human Services portal on Thursday shows that one-third of the U.S. population, or about , had their data stolen during the breach.
The cyberattack sensitive health records, like medical diagnoses, test results, medications, and health plans, as well as Social Security numbers and other personally identifiable information.
