The attack on United Health’s tech unit in February could be tagged as the largest hack involving the personal records of individuals. As per the U.S. Health Department website, more than 100 million users’ personal information was stolen by hackers. In their statement, United Health stated that the breach compromised almost one-third of the Americans’ records, and they have reached out to the patients, informing them about the incident and advising them to take remedial actions.
The entity was breached by a hacking group dubbed ALPHV, aka Blackcat. The attack that came to light in February 2024 caused a major setback to claims processing that impacted both the insurance providers as well as the patients. Following some investigation, in June, the department rolled out a public notice informing the affected individuals about the ransomware attack.
The company has not confirmed the data affected by the breach, but it could include health insurance member IDs, patient diagnoses, treatment information and social security numbers, as well as billing codes used by providers. In testimony, the company’s CEO confirmed that hackers exploited stolen credentials of an employee account lacking MFA to access a Change Healthcare Citrix portal. This portal lets employees access their work computers remotely on their internal networks.
This ransomware attack is an example of how attackers can severely exploit the lack of a basic security feature and the impact such loopholes in big organizations can have on the general public. The hack has permanently damaged the company’s reputation, and the financial impact could be about $705 million, as per the statement made by the firm.
Ransomware attacks have always been a menace, especially in the healthcare sector. A similar breach in 2015 at Elevance Health, earlier known as Anthum, had impacted nearly 79 million US citizens, but this one stands to be the biggest breach in the country.
