Close Menu
TechBrunchTechBrunch
  • Home
  • AI
  • Apps
  • Crypto
  • Security
  • Startups
  • TechCrunch
  • Venture

Subscribe to Updates

Subscribe to our newsletter and never miss our latest news

Subscribe my Newsletter for New Posts & tips Let's stay updated!

What's Hot

Google says AI-based bug hunter has discovered 20 security vulnerabilities

August 4, 2025

Confusing accused of scraping websites that explicitly blocked AI scraping

August 4, 2025

Openai says ChatGpt is on track to reach 700m-a-week users

August 4, 2025
Facebook X (Twitter) Instagram
TechBrunchTechBrunch
  • Home
  • AI

    OpenAI seeks to extend human lifespans with the help of longevity startups

    January 17, 2025

    Farewell to the $200 million woolly mammoth and TikTok

    January 17, 2025

    Nord Security founder launches Nexos.ai to help enterprises move AI projects from pilot to production

    January 17, 2025

    Data proves it remains difficult for startups to raise capital, even though VCs invested $75 billion in the fourth quarter

    January 16, 2025

    Apple suspends AI notification summaries for news after generating false alerts

    January 16, 2025
  • Apps

    Openai says ChatGpt is on track to reach 700m-a-week users

    August 4, 2025

    Elon Musk says he's reclaiming Vine's archives

    August 4, 2025

    Chariture.ai adds social feeds to its app

    August 4, 2025

    TrueCaller's call recording function will not work on iPhones from September 30th

    August 1, 2025

    TrueCaller's call recording function will not work on iPhone from September 30th

    August 1, 2025
  • Crypto

    North Korean spies pretending to be remote workers have invaded hundreds of businesses, CloudStrike says

    August 4, 2025

    Telegram's Crypto Wallet will be released in the US

    July 22, 2025

    Indian Crypto ExchangeCoindCX confirms $44 million stolen during hack

    July 21, 2025

    North Korean hackers blamed record-breaking spikes in 2025

    July 17, 2025

    Bitcoin surpasses $118K at the second highest high in 24 hours

    July 11, 2025
  • Security

    Google says AI-based bug hunter has discovered 20 security vulnerabilities

    August 4, 2025

    Confusing accused of scraping websites that explicitly blocked AI scraping

    August 4, 2025

    Commerce Dept.'s backlog reportedly has suspended Nvidia's H20 chip license

    August 1, 2025

    The Commerce Department's backlog reportedly stalling Nvidia's H20 chip license

    August 1, 2025

    Sex toy maker Ravens threatens legal action after fixing security flaws that published user data

    August 1, 2025
  • Startups

    7 days left: Founders and VCs save over $300 on all stage passes

    March 24, 2025

    AI chip startup Furiosaai reportedly rejecting $800 million acquisition offer from Meta

    March 24, 2025

    20 Hottest Open Source Startups of 2024

    March 22, 2025

    Andrill may build a weapons factory in the UK

    March 21, 2025

    Startup Weekly: Wiz bets paid off at M&A Rich Week

    March 21, 2025
  • TechCrunch

    OpenSea takes a long-term view with a focus on UX despite NFT sales remaining low

    February 8, 2024

    AI will save software companies' growth dreams

    February 8, 2024

    B2B and B2C are not about who buys, but how you sell

    February 5, 2024

    It's time for venture capital to break away from fast fashion

    February 3, 2024

    a16z's Chris Dixon believes it's time to focus on blockchain use cases rather than speculation

    February 2, 2024
  • Venture

    What should the founder think about if they are trying to raise the series c?

    August 2, 2025

    Venture company CRV raises $750 million and returns capital to investors, then downsizing

    August 1, 2025

    Kleiner Perkins has a really good week

    August 1, 2025

    Details will be revealed about how Windsurf's VCS and Founders were paid from Google transactions

    August 1, 2025

    Basic Research Lab nabs over $30 million to build AI agents vertically

    August 1, 2025
TechBrunchTechBrunch

UnitedHealth Announces Change Healthcare Data Breach Affects More than 100 Million Americans

TechBrunchBy TechBrunchOctober 24, 20246 Mins Read
Facebook Twitter Pinterest Telegram LinkedIn Tumblr WhatsApp Email
Share
Facebook Twitter LinkedIn Pinterest Telegram Email


In February, a ransomware attack against Change Healthcare resulted in more than 100 million individuals having their personal medical information stolen. This cyberattack caused months of unprecedented outages and widespread disruption across the U.S. healthcare industry.

UnitedHealth Group, the US health insurer that owns health tech companies, has disclosed data on a large number of individuals, after previously saying it expected the data breach to include data on a “significant proportion of people”. This is the first time I have exposed myself to a breach. In America. ”

The U.S. Department of Health and Human Services first reported the latest numbers on its data breach portal Thursday.

UHG spokesman Tyler Mason did not respond to a request for comment.

The ransomware attack and data breach at Change Healthcare is the largest known digital theft of U.S. medical records and one of the largest data breaches in living history. The impact on the millions of Americans whose personal medical information has been irretrievably stolen is likely to last a lifetime.

UHG began notifying affected individuals in late July, which continued through October.

While the personal data stolen varies from person to person, Change previously reported that personal information such as name and address, date of birth, phone number, and email address, as well as government information including Social Security number, driver's license, and passport number, were stolen. I made sure to include my ID. Stolen health data includes diagnoses, medications, test results, imaging, care and treatment plans, health insurance information, as well as financial and banking information contained in claims and payment data harvested by criminals. .

Change Healthcare processes patient insurance and claims across the U.S. healthcare sector, including thousands of hospitals, pharmacies and medical practices, and is one of the largest providers of health, medical data and patient records. As a result, Change handles vast amounts of health and medical information on about one-third of all Americans, CEO Andrew Whitty told lawmakers in May.

The cyberattack became public on February 21, when Change Healthcare took much of its network offline to thwart the intruders, and the U.S. healthcare industry relied on Change to process patient insurance and claims. There was an immediate outage across the board.

UHG attributed the cyberattack to ALPHV/BlackCat, a Russian-speaking ransomware and extortion gang that was later held responsible for the cyberattack.

The ransomware gang's leaders fled with a $22 million ransom paid by the health insurance giant, then disappeared and blackmailed the group's contractors who carried out the Change Healthcare hack as a new source of income. . The contractors took the data stolen from Change Healthcare, formed a new group, extorted a second ransom from UHG, and in the process published some of the stolen files online to prove the threat. .

There is no evidence that the cybercriminals subsequently deleted the data. Other extortion gangs, including Rockbit, have been found to keep stolen data even after victims have paid and criminals have claimed to have deleted the data.

Upon paying the ransom, Change obtained a copy of the stolen datasets. This allows the company to identify and notify affected individuals whose information is found within the data.

The US government's efforts to capture the hackers behind ALPHV/BlackCat, one of today's most prolific ransomware groups, have so far failed. The gang bounced back in 2023 after conducting a takedown operation to seize the gang's dark web leak site.

Months after the Change Healthcare breach, the U.S. State Department increased the reward for information on the ALPHV/BlackCat cybercriminals' whereabouts to $10 million.

Corporate integration and security vulnerabilities are blamed for data breaches

As Change Healthcare continues to recover from the February cyberattack, parts of its network remain offline. Lawmakers are also investigating this breach and its impact on the millions of Americans whose health data was irreversibly stolen.

At a House hearing on the April cyberattack, UnitedHealth CEO Whitty said cybercriminals used stolen credentials that were not protected by multi-factor authentication (MFA). Admitted to breaking into one of the employee systems. Exploitation of password theft.

By gaining access to critical internal systems using only stolen passwords, the ransomware gang was able to reach other parts of Change Healthcare's network and deploy ransomware.

UnitedHealth CEO Andrew Whitty testifies before the Senate Finance Committee on May 1, 2024 on Capitol Hill in Washington, DC.UnitedHealth CEO Andrew Whitty testifies before the Senate Finance Committee on Capitol Hill on May 1, 2024 in Washington, DC. Image credit: Kent Nishimura/Getty Images

It is unclear why the systems were not protected by MFA, but this will continue to be a key part of the ongoing investigation by lawmakers and the government. Whitty told lawmakers that the organization became active after the cyber attack and is now enforcing MFA.

Lawmakers focused on how UHG processes large amounts of data and generates vast amounts of revenue, saying it fails in basic cybersecurity.

According to its 2023 full-year earnings report, UHG made a profit of $22 billion on revenue of $371 billion. UHG CEO Whitty received $23.5 million in executive compensation that year.

While the lack of MFA was exploited in this case, the sheer volume and richness of the highly sensitive data that Change Healthcare collects and stores makes it a target in its own right, the lawmakers said.

Change Healthcare merged with U.S. healthcare provider Optum in 2022 as part of a $7.8 billion deal by UnitedHealth Group. The agreement between UHG's two leading healthcare companies gives Optum, which owns physician groups and provides technology and data to insurance companies and healthcare services, broad access to Change's patient records. Ta.

In total, UnitedHealth Group provides benefit plans to more than 53 million customers in the U.S. and an additional 5 million customers outside the U.S., according to its latest full-year earnings report. . Optum serves approximately 103 million customers in the United States.

The partnership faced scrutiny from U.S. federal antitrust authorities, who filed a lawsuit to block UHG's acquisition of Change Healthcare and its merger with Optum, with UnitedHealth claiming “about half of each citizen's health insurance claims.” They argued that gaining access to this would give them an unfair competitive advantage. year. “A judge ultimately approved the deal.

The Justice Department reportedly began ramping up its investigation into UHG and its potential anti-competitive practices in the months before the Change Healthcare hack.

read more:



Source link

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

Google says AI-based bug hunter has discovered 20 security vulnerabilities

August 4, 2025

Confusing accused of scraping websites that explicitly blocked AI scraping

August 4, 2025

Commerce Dept.'s backlog reportedly has suspended Nvidia's H20 chip license

August 1, 2025

The Commerce Department's backlog reportedly stalling Nvidia's H20 chip license

August 1, 2025

Sex toy maker Ravens threatens legal action after fixing security flaws that published user data

August 1, 2025

Authorities seize servers of black suit ransomware gang

August 1, 2025

Leave A Reply Cancel Reply

Top Reviews
Editors Picks

7 days left: Founders and VCs save over $300 on all stage passes

March 24, 2025

AI chip startup Furiosaai reportedly rejecting $800 million acquisition offer from Meta

March 24, 2025

20 Hottest Open Source Startups of 2024

March 22, 2025

Andrill may build a weapons factory in the UK

March 21, 2025
About Us
About Us

Welcome to Tech Brunch, your go-to destination for cutting-edge insights, news, and analysis in the fields of Artificial Intelligence (AI), Cryptocurrency, Technology, and Startups. At Tech Brunch, we are passionate about exploring the latest trends, innovations, and developments shaping the future of these dynamic industries.

Our Picks

Google says AI-based bug hunter has discovered 20 security vulnerabilities

August 4, 2025

Confusing accused of scraping websites that explicitly blocked AI scraping

August 4, 2025

Openai says ChatGpt is on track to reach 700m-a-week users

August 4, 2025

Subscribe to Updates

Subscribe to our newsletter and never miss our latest news

Subscribe my Newsletter for New Posts & tips Let's stay updated!

© 2025 TechBrunch. Designed by TechBrunch.
  • Home
  • About Tech Brunch
  • Advertise with Tech Brunch
  • Contact us
  • DMCA Notice
  • Privacy Policy
  • Terms of Use

Type above and press Enter to search. Press Esc to cancel.