Change Healthcare ransomware attack exposes personal health information of over 100 million

The owner of Change Healthcare, UnitedHealth Group (UHG), has now confirmed for the first time that more than 100 million people had their personal information and health care data stolen in what was a ransomware attack.

A month later, Change Healthcare sent out a data breach notice confirming that the February ransomware attack exposed a "substantial quantity of data" affecting many Americans. UnitedHealth Group started notifying impacted individuals in late July, with notifications continuing through October, and the final tally of those affected was released this month.

There's roughly a 30% chance your personal data was compromised in this breach. Change Healthcare is one of the largest handlers of health, medical data and patient records, and in 2022 it merged with U.S. health care provider Optum as part of a deal with UHG, bringing the two giants together under UHG's umbrella.

This merger gave Optum - already managing physician groups and providing tech and data to insurers and health care services - broader access to the patient records handled by Change. Overall, UHG offers benefit plans to more than 53 million customers in the U.S. and another 5 million globally, while Optum serves about 103 million U.S. customers.

The stolen data varies by individual but includes personal information such as names, addresses, dates of birth, phone numbers, email addresses and government ID numbers, including Social Security, driver's license and passport numbers. On top of that, hackers may also have accessed health data, including diagnoses, medications, test results, imaging, care and treatment plans and health insurance information. Financial and banking details found in claims and payment data are also reportedly compromised.

The Change Healthcare data breach was caused by a ransomware attack, a type of malware attack that blocks access to the victim's personal data unless a "ransom" is paid. UHG said ALPHV/BlackCat was behind the attack, a Russian-speaking ransomware and extortion gang that later took credit for the cyberattack.

However, the attack was made possible because Change Healthcare wasn't smart enough to protect its customers' data with multifactor authentication. The company admitted this during a House hearing into the cyberattack in April. This raises an important question: how could a company that has billions of dollars in revenue and stores data for over 100 million Americans fail at basic cybersecurity?

UHG paid a ransom to get a decryptor and for the hackers to delete the stolen data. The ransom was said to be around $22 million and was supposed to be split between the affiliate and the ransomware operation. However, BlackCat kept it all for themselves and pulled an exit scam.

This complicated things for UHG because the affiliate claimed they still had the company's data. They later joined forces with a new group called RansomHub, leaking some of the stolen data and extorting a second ransom from UHG.

2) Be wary of mailbox communications: Bad actors may also try to scam you through snail mail. The data leak gives them access to your address. They may impersonate people or brands you know and use themes that require urgent attention, such as missed deliveries, account suspensions and security alerts.

4) Monitor your accounts: Breaches of this magnitude will make it a necessity for you to start routinely reviewing your bank accounts, credit card statements and other financial accounts for any unauthorized activity. If you notice any suspicious transactions, report them immediately to your bank or credit card company. 

6) Invest in identity theft protection: Data breaches happen every day and most never make the headlines, but with an identity theft protection service, you'll be notified if and when you are affected. Identity theft companies can monitor personal information like your Social Security number, phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. 

In just 2024, with over two months still to go, we've witnessed countless data breaches affecting millions of Americans. This highlights how valuable your data is and how little some companies are doing to protect it. Big firms with massive revenues are struggling to implement even the most basic cybersecurity measures, practically inviting cybercriminals to hack their systems. Change Healthcare fell into this trap by not implementing two-factor authentication, leaving everything from your financial details to health data in the hands of criminals.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2024 CyberGuy.com. All rights reserved.