Unfortunately, data breaches are more widespread than ever before. Because of the rapid advancement of technology, many businesses lack the resources to safeguard their data from more sophisticated attacks, leaving them exposed to those seeking to exploit them.
However, defense department measures have improved, and incidents such as the 2015 data breach, which compromised the information of 78.8 million people, are now rare. That is till today.
A new ransomware outbreak disrupted pharmacies across the country in February 2024. This attachment, which was originally intended for Change Healthcare, a UnitedHealth Group business that administers funds for medical providers, compromised the personal information of 100 million people.
Given that UnitedHealth Group is the world’s largest healthcare corporation by revenue, nobody expected this attack to have much impact, as their defenses should have been strong. Unfortunately, this was not the case, and the attackers were able to get access to the Change Healthcare employee system thanks to a lack of multi-factor authentication for login credentials.
The United States Senate Committee on Finance issued a statement evaluating the aftermath of the attack, stressing the huge impact it had across the country, including prescriptions going unfilled, doctors and hospitals not being paid, and insurance companies unable to compensate medical providers. The attack made the entire healthcare system exposed, and the aftermath lasted for days.
Sen. Ron Wyden, D-Oregon, added his voice to the committee statement with a quotation. “The Change Healthcare hack is considered by many to be the biggest cybersecurity disruption to health care in American history,”
It may not seem like much, but due to the interconnected nature of health insurance in the United States, it is estimated that approximately one-third of all U.S. citizens are somehow connected to UnitedHealth Group, implying that a large amount of personal data (more or less relevant) was stored by them and accessed by the attackers.
The CEO of Change Healthcare didn’t mince words or downplay the severity of the attack. According to TechCrunch, the stolen files contained sensitive health information for “a substantial proportion of people in America.”
Who perpetrated the data breach
Following a comprehensive investigation, Change Healthcare determined that the data breach was carried out by the BlackCat ransomware gang. The organization also claimed the attachment in a separate dark web post, stating that the plunder consisted of millions of health and patient information records maintained by the company.
The group has not explained the purpose of the breach or disclosed its intentions, but it is reasonable to assume that some of the data will be used for identity theft and other crimes, so anyone who has used Change Healthcare or any of their subsidiaries should be cautious and lock down their personal information and credit to avoid unpleasant surprises.
Because the data breach revealed so much information, a confirmed 100 million persons by the U.S. Department of Health and Human Services, it is unclear what type of data was stolen about each of the people affected. Furthermore, this figure could become much higher as the corporation and its cybersecurity professionals continue to investigate the stolen data.
The compromise may have affected fewer people if some entries were duplicated or lacked identifying information. However, this appears to be a false optimism. The reality is that, despite many companies’ best efforts, data security remains one of the most pressing concerns to address on a large scale.
Also See:- Taxes are changing forever in the US in 2025 – IRS makes it official and it will affect millions