Cyberattack on Change Healthcare Lasts 5 Months

In February 2024, Change Healthcare, a company owned by UnitedHealth, was targeted in a large-scale cyberattack leading to one of the largest medical data breaches in U.S. history. Cybercriminals managed to steal personal and medical information of millions of Americans, causing widespread repercussions for the entire healthcare system.

The first signs of trouble emerged on February 21 when Change Healthcare’s system experienced failures. Numerous medical institutions and insurance companies encountered issues with the platform used for processing accounts and insurance payments. It was later revealed that these failures were due to a cybersecurity incident. Subsequently, Change Healthcare had to shut down its network entirely in a bid to prevent further intrusion by hackers, leading to disruptions in operations at many healthcare facilities across the country.

On February 29, UnitedHealth disclosed that the cyberattack was orchestrated by the Alphv/BlackCat extortion group, which claimed responsibility for the breach and admitted to stealing sensitive data belonging to millions of Americans. Notably, the group had disbanded following FBI operations.

In early March, UnitedHealth negotiated a $22 million ransom with the Alphv group. However, shortly after, the group vanished from the Darknet, taking the ransom money with them. The criminals behind the attack disappeared, leaving the stolen data untouched. Despite losing a portion of the ransom, the group still poses a threat, since the pilfered data could be used further or sold.

By March 13, Change Healthcare obtained a “secure” copy of the stolen data after paying the ransom several days earlier. This enabled the company to commence the process of analyzing the data to identify the affected individuals and promptly notify them about the breach.

As of mid-March, the disruptions in the U.S. healthcare system persisted. Many patients faced challenges in obtaining prescriptions, with some resorting to paying for medications out of pocket. It was revealed that the hackers had accessed a vast database containing patient medical records, diagnoses, test results, treatment plans, and other personal details.
