iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
The ALPHV (BlackCat) cyber attack on the tech unit of major US healthcare provider UnitedHealth’s subsidiary, Change Healthcare, affected the data of 100 million people.
According to the US Department of Health and Human Services, the large number of affected individuals means the UnitedHealth data breach was the largest healthcare data breach ever to hit the US.
Prior to the latest announcement, UnitedHealth said that the incident may have resulted in the data of a third of all Americans being exfiltrated by threat actors.
According to previous releases, the data exposed may have included Social Security numbers, health insurance member IDs, treatment details, the diagnoses of patients, and health provider billing codes.
UnitedHealth began notifying those affected in June and has now said the investigation is reaching its final stages.
The UnitedHealth incident was first detected in February when the company discovered that threat actors had gained access to the network of its subsidiary, Change Healthcare.
While originally believed to have been conducted by a state-sponsored threat actor, the incident was claimed by the ALPHV ransomware gang.
When UnitedHealth did pay the threat group the ransom, ALPHV went dark and scammed its affiliate behind the breach out of the US$22 million payment.
Following this, the RansomHub gang claimed responsibility for the incident, initially seeking another ransomware payment. It eventually listed the data for sale.
In April, UnitedHealth said the incident had caused a US$872 million loss.
Be the first to hear the latest developments in the cyber industry.
