Skip to main content
  1. Home
  2. Computing
  3. News

100 million affected in worst U.S. health care data breach of all time

By

Until now, the worst health care data breach occurred in 2015, which compromised 78.8 million people. But the ante has been upped.

The cyberattack in question has hit a new record of 100 million people affected — and just happens to have struck the largest health care company in the world (by revenue), UnitedHealth Group.

Recommended Videos

The actual incident happened in February 2024, when a ransomware attack caused disruptions at pharmacies all across the country, originally reported by Reuters. The target was Change Healthcare, a subsidiary of UnitedHealth Group that manages finances for medical providers. Cybercriminals reportedly found their way into the Change Healthcare employee system due to a lack of multi-factor authentication on login credentials.

A statement from the U.S. Senate Committee on Finance described the nightmarish results of the hack, which involved prescriptions going unfilled, doctors and hospitals not getting paid, and insurance companies unable to reimburse medical providers. “The Change Healthcare hack is considered by many to be the biggest cybersecurity disruption to health care in American history,” Sen. Ron Wyden, D-Oregon, said in the committee statement.

Approximately a third of all U.S. citizens are somehow connected to the organization, and that includes lots and lots of personal data. We all knew it was bad at the time, as the CEO of Change Healthcare said the stolen files included the personal health data for “a substantial proportion of people in America,” as reported by TechCrunch.

The attack was claimed to have been committed by the BlackCat ransomware gang, which was confirmed by Change Healthcare. A post on the dark web by the Russia-based group later claimed to have stolen the health and patient information of millions of Americans.

But now, the U.S. Department of Health and Human Services has updated the figure of those affected in its data breach portal to reveal just how bad it really is: a terrifying 100 million people. One industry journal even suggested that the round figure of 100 million could change in the future, as reported by DailyMail. Hopefully that means the actual number could be smaller, but it could just as easily go in the opposite direction.

The sheer scale makes the 5.3 million data breach that affected Mexican health care systems reported on just yesterday look negligible by comparison.

Editors’ Recommendations

Topics
Luke Larsen
Luke Larsen
Senior Editor, Computing
Luke Larsen is the Senior Editor of Computing, managing all content covering laptops, monitors, PC hardware, Macs, and more.
U.S. federal court system cyberattack is worse than previously thought
A large monitor displaying a security hacking breach warning.

A cyberattack incident that involved the U.S. federal court system infrastructure has been proven to be an “incredibly significant and sophisticated” attack.

This statement is a stark difference from the one initially provided when the situation occurred in 2020.

Read more
A data breach can cost millions of dollars — and you might be paying it
A dark mystery hand typing on a laptop computer at night.

According to a recent report from IBM Security, data breach costs are constantly on the rise. Unfortunately, this spells bad news not just for the companies involved, but also for the customers -- in more ways than one.

The report, which states that an average data breach is now estimated to cost $4.4 million, exposes the fact that the skyrocketing costs of data breaches directly affect the prices paid by the end customer.

Read more
Cash App breach impacts millions of U.S. customers
Cash App for mobile payments.

Block, formerly Square, has revealed a security breach impacting up to 8.2 million current and former users of Cash App, its mobile payment and investment service.

The San Francisco-based company said in a recent filing with the U.S. Securities and Exchange Commission that the breach was an inside job allegedly carried out by a former employee.

Read more