Skip to main content
  1. Home
  2. Computing
  3. News

100 million affected in worst U.S. health care data breach of all time

By

Until now, the worst health care data breach occurred in 2015, which compromised 78.8 million people. But the ante has been upped.

The cyberattack in question has hit a new record of 100 million people affected — and just happens to have struck the largest health care company in the world (by revenue), UnitedHealth Group.

Recommended Videos

The actual incident happened in February 2024, when a ransomware attack caused disruptions at pharmacies all across the country, originally reported by Reuters. The target was Change Healthcare, a subsidiary of UnitedHealth Group that manages finances for medical providers. Cybercriminals reportedly found their way into the Change Healthcare employee system due to a lack of multi-factor authentication on login credentials.

Related

A statement from the U.S. Senate Committee on Finance described the nightmarish results of the hack, which involved prescriptions going unfilled, doctors and hospitals not getting paid, and insurance companies unable to reimburse medical providers. “The Change Healthcare hack is considered by many to be the biggest cybersecurity disruption to health care in American history,” Sen. Ron Wyden, D-Oregon, said in the committee statement.

Approximately a third of all U.S. citizens are somehow connected to the organization, and that includes lots and lots of personal data. We all knew it was bad at the time, as the CEO of Change Healthcare said the stolen files included the personal health data for “a substantial proportion of people in America,” as reported by TechCrunch.

The attack was claimed to have been committed by the BlackCat ransomware gang, which was confirmed by Change Healthcare. A post on the dark web by the Russia-based group later claimed to have stolen the health and patient information of millions of Americans.

But now, the U.S. Department of Health and Human Services has updated the figure of those affected in its data breach portal to reveal just how bad it really is: a terrifying 100 million people. One industry journal even suggested that the round figure of 100 million could change in the future, as reported by DailyMail. Hopefully that means the actual number could be smaller, but it could just as easily go in the opposite direction.

The sheer scale makes the 5.3 million data breach that affected Mexican health care systems reported on just yesterday look negligible by comparison.

Editors’ Recommendations

Topics
Luke Larsen
Luke Larsen
Former Digital Trends Contributor
Luke Larsen is the Senior Editor of Computing, managing all content covering laptops, monitors, PC hardware, Macs, and more.
Email typo misdirects millions of U.S. military messages to Mali
nhs email gaffe button

A simple typo has caused millions of U.S. military emails to be misdirected to Mali over the last decade, the Financial Times (FT) reported on Monday.

The emails can sometimes include highly sensitive data such as diplomatic documents, tax returns, passwords, and travel information linked to leading military officers, the report said.

Read more
Chinese hackers targeting critical U.S. infrastructure, Microsoft warns
chinese hackers caught targeting vital us infrastructure china flags

State-sponsored hackers based in China have been working to compromise critical infrastructure in the U.S., Microsoft said on Wednesday. It’s thought the attacks could lead to the disruption of important communications between the U.S. and its interests in Asia during future crises.

Notable target sites include Guam, a small island in the Pacific with an important U.S. army base that could play an important role in any clash with China over Taiwan.

Read more
As ransomware hits this U.S. hospital, lives could be at risk
The CommonSpirit Health’s logo appears over the silhouette of a hacker.

A large U.S. hospital chain has been suffering from a serious security breach that has led to its computer records being taken offline. What seems to be a ransomware attack could be affecting the quality of health care provided, possibly even putting lives at risk.
According to the industry-focused news site HealthCareDive, the attack was described as an IT incident by CommonSpirit Health and reported on October 3, 2022. This is a huge hospital chain with 1,000 care sites and 140 hospitals nationwide so thousands of patients are affected. The current solution, according to a statement on CommonSpirit Health’s website, has been to take certain systems offline.

Like the rest of us, doctors and nurses are accustomed to the technology of the 21st century and have come to rely on computer records to take care of patients, plan care options, and organize data. Reverting to paper in an already hectic healthcare system must make the job torturous. We'll never know how many critical details slip through the cracks during a busy day.

Read more