© 2025 CoolTechZone - Latest tech news,
product reviews, and analyses.

Over 100 million people affected in Change Healthcare data breach


Change Healthcare has confirmed that hackers stole personal and medical information from over 100 million clients during a ransomware attack that took place earlier this year.

Change Healthcare is a subsidiary of UnitedHealth Group, the largest healthcare insurance company in the United States. The company processes insurance claims and invoices for hundreds of thousands of hospitals, pharmacies and medical practices across the US.

In February 2024, Change Healthcare was hit by a ransomware attack, which had major implications for the US healthcare system. For example, the attack prevented doctors and pharmacies from filing claims.

The stolen data included:

  • Personal information like names, addresses, dates of birth, phone numbers, email addresses;
  • Health information, such as diagnoses, medications, test results, treatment plans, health insurance details;
  • Financial information, such as claim numbers, account numbers, billing codes, payment cards; and
  • Other personal health insurance information, including copies of identification documents, social security numbers, driver’s license numbers, passport numbers.

At the time, the company couldn’t tell for sure how many clients were exposed by the data breach.

During a congressional hearing in May, UnitedHealth Group CEO Andrew Witty told the attendees that “maybe a third of all Americans’ health data” was compromised in the attack. A month later the company changed its estimation into “a substantial quantity of data” for “a substantial proportion of people in America”.

In an updated FAQ page from the US Department of Health and Human Services, Change Healthcare states that “approximately 100 million individual notices” have been sent regarding the data breach.

The BlackCat ransomware operation, also known as ALPHV, claimed responsibility for the attack. The hacking group said it had used stolen credentials to breach the company’s Citrix remote access service and that multi-factor authentication wasn’t enabled.

The threat actor allegedly stole 6 TB of data and encrypted major parts of Change Healthcare’s network, forcing it to shut down its IT systems.

Parent company UnitedHealth Group admitted to paying a ransom demand to receive a decryptor and for the stolen data to be deleted. A BlackCat ransomware affiliate told the media the health insurance company supposedly paid $ 22 million.

According to Change Healthcare, the ransomware attack caused the company $ 872 million in losses.


Leave a Reply

Your email address will not be published. Required fields are marked