Data breaches are unfortunately now more common than ever before. The rise in technology and the speed at which it evolves mean that many companies do not have the budget to protect their data from the more sophisticated attacks and they are vulnerable to those who wish to exploit them.

But measures have improved in the defense department and cases like the 2015 data breach, which compromised 78.8 million people’s information are now rare. That is, until now. A new ransomware attack caused disruptions at pharmacies all across the country in February 2024. This attach, originally targeting Change Healthcare, a subsidiary of UnitedHealth Group that manages finances for medical providers managed to compromise the data of 100 million people.

Since by revenue UnitedHealth Group is the largest healthcare company in the world, not many expected this attack to amount to much, as their defenses should have been up to par. Unfortunately, this was not the case an the attackers were able to find their way into the Change Healthcare employee system due to a lack of multi-factor authentication on login credentials.

A statement from the U.S. Senate Committee on Finance evaluated the aftermath of the hack, highlighting the massive impact it had across the country, involving prescriptions going unfilled, doctors and hospitals not getting paid, and insurance companies unable to reimburse medical providers. The whole healthcare system was made vulnerable by the attack and the ripple effect was felt for days after.

Sen. Ron Wyden, D-Oregon, added his voice to the committee statement with a quote “The Change Healthcare hack is considered by many to be the biggest cybersecurity disruption to health care in American history,”

It may not seem like much, but due to the interconnected nature of health insurance in the U.S it is calculated that approximately a third of all U.S. citizens are somehow connected to UnitedHealth Group, which means that a lot of personal data (more or less relevant) was stored by them and accessed by the attackers. The CEO of Change Healthcare did not mince words or minimize the impact of the attack. In comments reported by TechCrunch he stated that the stolen files included the personal health data for “a substantial proportion of people in America.”

Who perpetrated the data breach

After a thorough investigation, Change Healthcare confirmed that the BlackCat ransomware gang had perpetrated the data breach. The group also claimed the attach in a separate dark web post, explaining the that the loot had been millions of the health and patient information data stored by the company.

The group did not explain the purpose of the breach and has not disclosed its intentions, but it stands to reason that some of the data will be used for identity theft and other crimes, so anyone that has now or in the past used Change Healthcare or any of their subsidiaries should be on alert and lock down their personal information and credit to avoid unwanted surprises.

Since the data breach yielded so much information, a confirmed 100 million people by the U.S. Department of Health and Human Services, it is unclear the type of data that was obtained about each of the people compromised. Plus, this figure could potentially go up even more as the company and their cybersecurity experts continue to analyze the stolen data.

There is also the possibility of the breach having affected less people, as some entries may¡ have been duplicated or empty of any identifying information, but this seems like a misplaced hope. The reality of the situation is that, despite the best efforts of many companies, data security is still on of the pending issues to solve at a large scale.

Note: Thank you for visiting our website! We strive to keep you informed with the latest updates based on expected timelines, although please note that we are not affiliated with any official bodies. Our team is committed to ensuring accuracy and transparency in our reporting, verifying all information before publication. We aim to bring you reliable news, and if you have any questions or concerns about our content, feel free to reach out to us via email. We appreciate your trust and support!