Industry - Data Breach
Executive Summary
UnitedHealth Group confirmed that a ransomware attack on its subsidiary Change Healthcare exposed protected health information and personally identifiable information potentially affecting a substantial proportion of people in America. The company paid $22 million in ransom but never received the stolen data back because the ransomware operator ALPHV took the payment and shut down, leaving the affiliate attackers and the victim empty-handed. UnitedHealth is offering affected individuals two y...
What Happened
UnitedHealth Group confirmed that a ransomware attack on its subsidiary Change Healthcare exposed protected health information and personally identifiable information potentially affecting a substantial proportion of people in America. The attack, conducted by an affiliate of the ALPHV ransomware group, disrupted healthcare services including pharmacies across the United States. UnitedHealth paid $22 million in ransom, but the ALPHV operators took the entire payment and shut down their operation, leaving both the affiliate attackers and UnitedHealth without the stolen data being returned.
Who Is Affected
The breach potentially affects a substantial proportion of people in America who had their information processed through Change Healthcare. Exposed data includes protected health information and personally identifiable information, though the company states there is currently no evidence that full medical histories or doctors' charts were stolen. The company indicates the full scope of affected individuals is still being determined through an ongoing investigation expected to take several months.
Why It Matters
This incident represents one of the largest healthcare data breaches in recent history given its potential scale across a substantial proportion of the American population. The case illustrates the cascading consequences of healthcare sector cyberattacks, which disrupted pharmacy services and other healthcare operations nationwide. The unusual outcome where ransom was paid but data was never returned demonstrates the unreliability of dealing with cybercriminals and highlights vulnerabilities in critical healthcare infrastructure that processes sensitive information for millions of Americans.
What You Should Do
If you have used healthcare services that may have been processed through Change Healthcare, visit the dedicated website at changecybersupport.com to determine if you are affected and to access more information. Enroll in the two years of free credit monitoring and identity theft protection services being offered by UnitedHealth Group. Monitor your credit reports, financial accounts, and explanation of benefits statements for any suspicious activity, and contact the dedicated call center established by the company if you have specific concerns about your data.
AI-Assisted
Event summaries are generated by Claude AI from verified sources and reviewed by humans before publication.