UnitedHealthcare Data Breach Impacts Almost Twice as Many People as Initially Believed

A UnitedHealthcare security advisory regarding a previous ransomware attack against one of its subsidiaries updates the number of impacted individuals, almost doubling the number first disclosed.

Change Healthcare ransomware attack last year

One of UnitedHealthcare’s subsidiaries, Change Healthcare, suffered a devastating ransomware attack last year, exposing the data of a staggering number of Americans to threat actors.

Although the breach occurred in February, Change Healthcare only released an official statement about it in October.

The initial announcement said the incident impacted 100 million people in the US, an already breath-taking number; however, a recent update shows the number taking a massive leap to 190 million, almost doubling.

This development places the ransomware attack against Change Healthcare at the top of the list of significant healthcare data breaches in US history.

From 100 to 190 million impacted individuals—so far

“Change Healthcare has determined the estimated total number of individuals impacted by the Change Healthcare cyberattack is approximately 190 million,” said UnitedHealth Group representative Tyler Mason in an email to TechCrunch. “The vast majority of those people have already been provided individual or substitute notice. The final number will be confirmed and filed with the Office for Civil Rights at a later date.”

To make matters worse, the recent announcement might not even disclose the full extent of the data breach, as the final number of impacted people is expected to be confirmed and filed later.

Huge trove of sensitive data exposed to attackers

In the attack, threat actors exfiltrated a trove of sensitive details, including health insurance data, medical records, billing and payment information, as well as personal identification data.

According to UnitedHealthcare’s security advisory, the type of data stolen varies from one individual to another. The same announcement mentions that there is no sign of misuse involving the stolen data but, even if that’s the case, the amount of deeply sensitive data stolen is still tremendously concerning.

Mitigating fallout from massive data breaches

Dedicated software like Bitdefender Digital Identity Protection can help you mitigate the fallout of a significant data breach, such as the one at Change Healthcare.

It provides a comprehensive overview of your online data, including traces from no longer-used or obsolete services. It continuously scans the public and Dark web for signs of your digital presence and notifies you instantly if it finds any matches in recent security events.

It also helps you patch any weak spots or holes in your digital footprint by providing you with one-click, quick-action items.