100 Million Affected in Change Healthcare Mega Hack: Key Facts to Know

Here's what you need to know about the massive cyberattack at Change Healthcare that exposed the data of 100 million people.
One of the Largest Health Data Breaches in the U.S.
Earlier this year, UnitedHealth was hit by an unprecedented cyberattack, resulting in the theft of personal and health data of over 100 million individuals. This incident has become the largest health data hack in the nation’s history.
Revealing the Scale of the Attack
Following an in-depth investigation of the February data breach, the U.S. Department of Health and Human Services disclosed this week that nearly a third of all American health data was compromised during the attack. This disclosure confirms UnitedHealth’s April statement that a “substantial proportion of the American population” had their sensitive data exposed.
A Hacker Group Behind the Attack
In February, the hacker group known as ALPHV, or “BlackCat,” launched a cyberattack against Change Healthcare, a subsidiary of UnitedHealth. This caused months of unprecedented disruption to claims processing across the U.S. health sector. Change Healthcare is one of the world’s largest health payment processing companies and partners with leading insurers like Aetna, Anthem, Blue Cross Blue Shield, and Cigna.
The Consequences of the Attack
According to public notifications issued by the company in June, the stolen data includes billing, claims, and payment information; medical records such as diagnoses, test results, and medical record numbers; health insurance information like member/group identification numbers; and personal details such as Social Security numbers and state ID or driver’s license numbers.
UnitedHealth CEO Andrew Witty testified at a Congressional hearing in May that the hackers used stolen employee credentials to breach the company’s Citrix remote access service. Crucially, the Citrix profile did not have multi-factor authentication (MFA) enabled, which allowed the hackers remote access to the company’s network. UnitedHealth confirmed it paid a $22 million ransom for a decryption key, on the condition that the hackers delete the stolen data. However, the deletion never occurred. After receiving the payment, BlackCat shut down its servers.