In February, Change Healthcare, a technology company owned by UnitedHealth Group (UHG), went under a massive cyber attack that included paying a ransom of 22 million dollars to solve.
On Thursday, UHG quantified the number of people affected by the attack for the first time, eight months after the breach occurred. or new deposit on the portal of the US Department of Health and Human Services on Thursday shows that a third of the American population, or about 100 million Americanshad their data stolen during the breach.
Cyber attack exposed sensitive health data, such as medical diagnoses, test results, medications and health plans, as well as social security numbers and other personally identifiable information.
Related: UnitedHealth paid ransom to cyber hackers after personal patient data was compromised
The scope of the attack makes it the largest healthcare data breach ever, surpassing a 2015 Anthem incident that affected nearly 79 million Americans.
According to a testimony given by UHG CEO Andrew Witty earlier House Energy and Commerce Committeethe data breach occurred when “criminals used compromised credentials” to access an “Change” healthcare portal that did not have multi-factor authentication enabled. Differently handles payment processing for 15 billion medical claims per year or about 40% of all claims; UHG earned that at the end of 2022.
UHG CEO Andrew Witty. Photo Credit: Tom Williams/CQ-Roll Call, Inc via Getty Images
The cyber attack disrupted daily life – some medical providers, hospitals and pharmacies were unable to fulfill patient prescriptions AND billing process for patients ABOUT week after it happened.
The US is experiencing one overall growth in data breaches. The nonprofit Identity Theft Resource Center says there has been one 72% increase in incidents from 2021 to 2023.