A cyberattack on UnitedHealth Group’s (UNH.N) tech unit last year exposed the personal data of 190 million people, making it the largest healthcare data breach in U.S. history, the company disclosed on Friday.
The hack targeted Change Healthcare, a UnitedHealth subsidiary, and compromised sensitive information, including health insurance IDs, diagnoses, treatment records, Social Security numbers, and billing codes. The breach, initially disclosed in February, was linked to the “BlackCat” ransomware group, causing significant disruptions in claims processing for patients and providers nationwide.
In October, the U.S. Department of Health and Human Services reported that the personal information of 100 million people had been impacted, with final numbers still under review. Change Healthcare stated it has notified most affected individuals, either directly or through substitute notices, as required by the Health Insurance Portability and Accountability Act (HIPAA).
The company confirmed it found no evidence of misuse or the sale of electronic medical records during its investigation. Despite this, the attack raises serious concerns about cybersecurity in healthcare.
Change Healthcare issued a public notice about the breach in June 2024, fulfilling HIPAA regulations that mandate patient notifications in cases of data exposure. The incident underscores the growing threat of ransomware attacks on critical sectors, with healthcare organizations becoming prime targets due to the sensitivity and value of their data.
UnitedHealth Group and Change Healthcare are cooperating with authorities and have implemented measures to strengthen their systems against future breaches.
Also read: Michael Grimes in Talks to Join Trump’s Administration
