© 2025 CoolTechZone - Latest tech news,
product reviews, and analyses.

UnitedHealth confirms data breach has impacted 190 million Americans


UnitedHealth has confirmed that approximately 190 million Americans have been affected by the cyberattack that took place in February last year.

UnitedHealth is the biggest health insurance company in the United States. It processes claims and invoices for hundreds of thousands of hospitals, pharmacies and medical practices across the US. Additionally, the company annually takes care of billions of healthcare transactions, as well as a third of US patients' records.

In February 2024, Change Healthcare, a subsidiary of UnitedHealth, became the victim of a ransomware attack, which had a crippling impact on the US healthcare system. Healthcare providers were temporarily left without pay, and pharmacies were struggling to process prescriptions for their patients.

Hackers were able to exfiltrate piles of personal and sensitive patient information, including full names, address information, dates of birth, telephone numbers, email addresses, copies of identification documents, social security numbers, driver’s license numbers, passport numbers, diagnoses, medication information, test results, treatment plans, health insurance information, and financial information relating to claims and payment details.

During an Oversight Hearing in May 2024, UnitedHealth CEO Andrew Witty told the US Committee on Energy and Commerce his company had paid $22 million in ransom to the attackers that were responsible for the ransomware attack.

In November, the US Department of Health and Human Services stated that approximately 100 million people were affected by the cyberattack on United Health. This number has now been revised.

“Change Healthcare has determined the estimated total number of individuals impacted by the Change Healthcare cyberattack is approximately 190 million. The vast majority of those people have already been provided individual or substitute notice. The final number will be confirmed and filed with the Office for Civil Rights at a later date,” the company now confirms.

A spokesperson told Reuters that Change Healthcare is unaware of any misuse of individuals’ personal information as a result of the incident, adding that it has provided individual or substitute notice to the "vast majority" of those impacted.

The data breach is attributed to ALPHV, a hacking group that is affiliated to Russia. According to Witty, the attackers used stolen login credentials of one of its employees whose account wasn’t protected with multi-factor authentication.


Leave a Reply

Your email address will not be published. Required fields are marked