UnitedHealth now says 190 million impacted by 2024 data breach
By Lawrence Abrams
- January 26, 2025
- 11:29 AM
UnitedHealth has revealed that 190 million Americans had their personal and healthcare data stolen in the Change Healthcare ransomware attack, nearly doubling the previously disclosed figure.
In October, UnitedHealth reported to the US Department of Health and Human Services Office for Civil Rights that the attack affected 100 million people. However, as first reported by TechCrunch, UnitedHealth confirmed on Friday that the figure has nearly doubled to 190 million.
"Change Healthcare has determined the estimated total number of individuals impacted by the Change Healthcare cyberattack is approximately 190 million," UnitedHealth Group told TechCrunch.
"The vast majority of those people have already been provided individual or substitute notice. The final number will be confirmed and filed with the Office for Civil Rights at a later date."
While UnitedHealth says that there are no indications that the threat actors have misused the stolen data, the sheer quantity of sensitive information stolen in the attack is massive.
This stolen data includes patients' health insurance information, medical records, billing and payment information, and sensitive personal information, such as phone numbers, addresses, and, in some cases, Social Security Numbers and government ID numbers.
The ransomware attack on UnitedHealth's subsidiary, Change Healthcare, is the largest healthcare data breach in US history.
The Change Healthcare ransomware attack
In February 2024, UnitedHealth subsidiary Change Healthcare suffered a massive ransomware attack, leading to widespread disruption to the United States healthcare system.
This disruption prevented doctors and pharmacies from filing claims and pharmacies from accepting discount prescription cards, causing patients to pay full price for medications.
It was later learned that the BlackCat ransomware gang, aka ALPHV, was behind the attack.
The threat actors used stolen credentials to breach the company's Citrix remote access service, which did not have multi-factor authentication enabled.
After breaching the network, the threat actors stole 6 TB of data and encrypted computers, causing the company to shut down IT systems and its online platforms for billing, claims, and prescription fulfillment.
The UnitedHealth Group later confirmed it paid a ransom to receive a decryptor and to prevent the threat actors from publicly releasing the stolen data. This ransom payment was allegedly $22 million, according to the BlackCat ransomware affiliate who conducted the attack.
This ransom payment was supposed to be split between the affiliate and the ransomware operators, but BlackCat suddenly shut down in an exit scam, with the operators stealing the entire payment for themselves.

source: Dmitry Smilyanets
This is where it got worse for UnitedHealth, as the threat actor behind the attack stated that they did not delete the stolen data as promised.