UnitedHealth(US:UNH) TechCrunchยท2025-01-24 23:16Core Insights - UnitedHealth's Change Healthcare unit experienced a ransomware attack in February 2024, affecting approximately 190 million individuals, nearly double the initial estimate of 100 million [1][4] - The cyberattack is noted as the largest breach of medical data in U.S. history, leading to significant outages across the healthcare system [2] - The breach involved the theft of extensive health and insurance-related information, with some data published online by the responsible hackers [3][5] Company Impact - Change Healthcare, a subsidiary of UnitedHealth, is a major player in handling health data and processing healthcare claims in the U.S. [2] - The company has communicated that the majority of affected individuals have been notified, and the final number will be confirmed with the Office for Civil Rights [2] - UnitedHealth has stated that there is no evidence of misuse of the stolen information, and electronic medical record databases have not been compromised [2] Cybersecurity Details - The breach was attributed to the ALPHV ransomware gang, which gained access through a stolen account credential lacking multi-factor authentication [6] - Change Healthcare paid at least two ransoms to prevent further publication of the stolen data [3] - The stolen data includes personal information such as names, addresses, dates of birth, Social Security numbers, and health-related information including diagnoses and treatment plans [5]