Over 100 million Americans had data stolen in Change Healthcare cyberattack. The breach affected hospitals, pharmacies, and medical practices across the U.S. Stolen data includes health records, insurance details, and Social Security numbers.
Change Healthcare, a major processor of insurance and billing data across the U.S., handles healthcare information for about a third of Americans. The breach exposed sensitive data across thousands of hospitals, pharmacies, and medical practices, highlighting vulnerabilities in the U.S. healthcare data infrastructure, as noted by TechCrunch (TC).
BC reports that, in the months following the June breach, Change Healthcare has disclosed that the stolen data includes a broad range of sensitive information. Health insurance details, medical records, payment and billing information, and personal identifiers such as Social Security and driver’s license numbers were among the compromised data. However, not every affected person’s medical history was exposed, as noted by BC.
Earlier this month, Reuters reported that Change Healthcare anticipates significant operational disruptions from the breach, projecting a $705 million financial impact due to payment delays and service outages. UnitedHealth responded by issuing billions of dollars in loans to healthcare providers and covering notification costs for affected customers.
TC reports that the attack, attributed to the ALPHV/BlackCat ransomware group, first surfaced in February when Change Healthcare shut down much of its network to contain the breach, causing immediate service interruptions across the healthcare sector. Following the attack, ALPHV/BlackCat disappeared with a reported $22 million ransom paid by UnitedHealth. After internal disputes, contractors involved in the hack formed a new group, attempting a second extortion and leaking some of the stolen data online as proof of their demands, as reported by TC. Change Healthcare’s access to a copy of the stolen data enabled the company to identify and alert affected individuals, said TC.
No evidence suggests the data was fully deleted, and other ransomware groups, such as LockBit, have shown a tendency to retain stolen data even after victims comply with ransom demands, noted TC.