UnitedHealth data breach impacted up to 190m people
Attack is thought to have been carried out by an affiliate of the ALPHV ransomware group
Newly released figures suggest the scale of the 2024 Change Healthcare cyberattack is far larger than initially estimated. Around 190 million individuals are thought to have been affected.
The new estimate is almost double the previous figure of 100 million, according to a statement from UnitedHealth Group.
“Change Healthcare estimates that the total number of individuals impacted by the cyberattack is approximately 190 million,” confirmed Tyler Mason, a spokesperson for UnitedHealth Group.
He added, “The majority of those affected have already been notified individually or through substitute notices. The final number will be verified and reported to the Office for Civil Rights in due course.”
The ransomware attack on Change Healthcare in early 2024 is thought to have been carried out by an affiliate of the ALPHV ransomware group, also known as BlackCat. This notorious organisation operates on a ransomware-as-a-service model, where affiliates deploy malicious software and share the profits with the operators.
In this instance, the affiliate reportedly extorted $22 million from Change Healthcare. However, instead of dividing the ransom as promised, ALPHV’s core operators allegedly kept the entire sum before vanishing. The affiliate, left with gigabytes of sensitive data, later rebranded itself as RansomHub and emerged as a new and serious threat.
The rebranded group is said to have demanded additional payments, although it remains unclear if these were made.
Despite the significant breach, Mason stated that there is no evidence to date of the stolen information being used maliciously. “We are not aware of any misuse of individuals’ information as a result of this incident,” he said, adding that no electronic medical records have surfaced during the analysis of the compromised data.
Breaches of this nature often lead to phishing scams, business email compromise, and other forms of cybercrime.