In February 2024, an unexpected cyberattack at Change Healthcare exposed the personal data of nearly 200 million Americans, raising concerns about the security of healthcare information. Initially reported in October to the U.S. Department of Health and Human Services, this breach has been recognized as the largest in U.S. healthcare history. The cyberattack, which involved ransomware, compromised sensitive information even though a ransom was paid to halt the further spread of the data.
Details regarding the breach revealed that personal data may have been sold on the dark web, although UnitedHealth Group, the parent company of Change Healthcare, has not found concrete evidence of the stolen data being used for identity theft or other malicious activities. Despite this, the company has taken steps to notify most of the affected individuals, offering identity protection services as a precautionary measure. UnitedHealth’s CEO, Andrew Witty, attributed the breach to a single server that lacked multifactor authentication, underscoring the need for stronger cybersecurity measures.
With Change Healthcare responsible for processing the majority of medical claims, the incident has potentially impacted approximately one-third of Americans. As investigations continue, the total number of affected people may increase, with a final report pending submission to the HHS. The breach has prompted a reevaluation of data security practices within the healthcare sector, illustrating the urgent necessity for robust and comprehensive protection mechanisms to safeguard sensitive personal information against future cyber threats.
