Change Healthcare Confirms Major Ransomware Attack On Substantial Portion Of Americans

Change Healthcare has confirmed a February ransomware attack on its systems, causing widespread disruption to the U.S. healthcare system and resulting in the theft of medical records affecting a substantial proportion of Americans. The health tech giant, owned by UnitedHealth Group, processes patient insurance and billing for thousands of hospitals, pharmacies, and medical practices across the country, giving it access to massive amounts of health information on about a third of all Americans. The attack led to system shutdowns, resulting in outages and delays for thousands of healthcare providers and affecting countless patients who experienced delays in obtaining prescriptions or medical care.

In its latest statement, Change Healthcare revealed that it is in the process of notifying affected individuals. The stolen data includes personal information such as names, addresses, dates of birth, phone numbers, and email addresses, as well as government identity documents like Social Security numbers, driver licenses, and passport numbers. Additionally, the hackers accessed medical records and health information, including diagnoses, medications, test results, and care plans. Health insurance information, including plan details, billing, claims, and payment information, was also compromised, which includes financial and banking data. The company is still reviewing the stolen data to identify all affected individuals, including guarantors who paid healthcare bills for others.

UnitedHealth confirmed it paid a ransom to the cybercriminal group ALPHV to prevent the publication of the stolen files. Another group, RansomHub, demanded additional payment after claiming ALPHV’s affiliate, who deployed the ransomware, kept the data. RansomHub published several files on its dark web site and threatened to sell the data if another ransom wasn’t paid. The hackers exploited stolen credentials to access Change Healthcare’s network, which lacked multi-factor authentication. The ransomware attack cost UnitedHealth around $870 million in the first three months of the year, while the company made $100 billion in revenue during the same period.

4o