In February, Change Healthcare, a tech firm owned by UnitedHealth Group (UHG), underwent an enormous cyberattack that concerned paying a $22 million ransom to resolve.
On Thursday, UHG quantified the variety of folks affected by the assault for the primary time, eight months after the breach occurred. A new submitting within the U.S. Division of Well being and Human Companies portal on Thursday exhibits that one-third of the U.S. inhabitants, or about 100 million Individuals, had their knowledge stolen through the breach.
The cyberattack uncovered delicate well being information, like medical diagnoses, check outcomes, drugs, and well being plans, in addition to Social Safety numbers and different personally identifiable info.
Associated: UnitedHealth Paid Ransom to Cyberhackers After Sufferers’ Private Knowledge Was Compromised
The scope of the assault makes it the most important healthcare knowledge breach ever, surpassing an Anthem incident in 2015 that affected nearly 79 million Individuals.
In response to an affidavit given by UHG CEO Andrew Witty earlier than the Home Vitality and Commerce Committee, the information breach occurred when “criminals used compromised credentials” to get right into a Change healthcare portal that didn’t have multi-factor authentication enabled. Change handles cost processing for 15 billion medical claims per 12 months or about 40% of all claims; UHG acquired it in late 2022.
UHG CEO Andrew Witty. Photograph Credit score: Tom Williams/CQ-Roll Name, Inc by way of Getty Photos
The cyberattack disrupted day by day life — some medical suppliers, hospitals, and pharmacies had been unable to fulfill affected person prescriptions and course of billing for sufferers for weeks after it occurred.
The U.S. is experiencing an general enhance in knowledge breaches. The nonprofit Identification Theft Useful resource Heart says there was a 72% rise in incidents from 2021 to 2023.