Data Breach
Change Healthcare Data Breach
100.0M records exposed • February 2024
Change Healthcare processes medical claims for a huge portion of US healthcare. When hackers hit them with ransomware, doctors and pharmacies couldn't process payments for weeks. The parent company paid $22 million in ransom, but the data was still leaked. If you've used healthcare in America, your medical records may be in this breach.
What Happened
The Change Healthcare breach was one of the most disruptive healthcare cyberattacks in US history. ALPHV/BlackCat ransomware operators (later claimed by RansomHub) disrupted claims processing for thousands of healthcare providers nationwide. UnitedHealth Group, Change Healthcare's parent, paid $22 million in ransom, affecting an estimated 1 in 3 Americans.
Attack method: Ransomware attack (RansomHub/ALPHV)
What Data Was Exposed
Health insurance information, Medical records, Social Security numbers, Billing and claims data, Provider information, Treatment information, Prescription data
Is your business exposed?
What to Do If You're Affected
- 1.
Monitor for notification letters from Change Healthcare/UnitedHealth
- 2.
Freeze your credit to prevent medical identity theft
- 3.
Request your medical records and review for fraudulent entries
- 4.
Enroll in free credit and identity monitoring when offered
- 5.
Review Explanation of Benefits (EOB) statements for unknown services
- 6.
Watch for targeted scams referencing your healthcare information
Lessons for Businesses
- • Healthcare supply chain attacks have cascading effects
- • Paying ransom doesn't guarantee data won't be leaked
- • Concentration in healthcare IT creates systemic risk
- • Medical identity theft can have life-threatening consequences
Sources
Related Breaches
Is your business exposed?
Check if your company data is circulating on the dark web
Free scan • No credit card required