Change Healthcare’s Data Breach Affects Over 190 Million Americans
The recent data breach at Change Healthcare has proven to be far more extensive than initially reported, impacting around 190 million individuals across the United States. This shocking revelation underscores the severity of the cyber incident that has rattled the healthcare sector.
In October 2024, UnitedHealth Group publicly disclosed that the cyber attack on Change Healthcare, which occurred in February 2024, was initially estimated to affect over 100 million people. The attack caused significant disruptions to the IT operations of the organization, affecting numerous applications and services crucial to healthcare providers and pharmacies.
On February 21, a sophisticated cyber offensive led to a significant disruption of Change Healthcare’s operations. The ALPHV ransomware group, also known as BlackCat, claimed responsibility for the attack, indicating a calculated maneuver to compromise sensitive data.
In a public statement released on February 29, 2024, the company acknowledged the ongoing cybersecurity issue and confirmed its collaboration with law enforcement bodies and technical consultants, such as Mandiant and Palo Alto Networks, to mitigate the damages inflicted by this attack.
Compromised information from the breach is extensive and includes critical personal data like names, addresses, dates of birth, phone numbers, Social Security numbers, medical treatment records, and billing information. Such a large-scale data compromise poses serious risks not only to the affected individuals but also to healthcare providers who rely on Change Healthcare’s services for processing claims and patient information.
According to reports from the Associated Press, the financial impact of the breach has been significant, leading UnitedHealth to incur costs of approximately $1.1 billion associated with the cyber incident in the second quarter of 2024. The scale of the breach has raised concerns regarding the integrity of the health data of a large portion of the U.S. population.
The Wall Street Journal later updated the number of affected individuals, stating that hackers had stolen sensitive information belonging to an estimated 190 million people, highlighting the alarming breadth of this data breach. The incident has further implications for the healthcare industry, as it halted various insurance payment processes to providers and has brought into question the effectiveness of existing cybersecurity measures within the sector.
From a cybersecurity perspective, the tactics employed in this attack may include initial access techniques such as phishing or exploiting unpatched vulnerabilities, followed by privilege escalation to gain deeper access to sensitive systems. The persistent nature of the attack indicates a methodology consistent with the tactics and techniques catalogued in the MITRE ATT&CK framework, suggesting advanced planning and execution on the part of the adversaries.
As the fallout from this significant data breach continues, concerns remain high regarding the security posture of organizations within the healthcare sector. This incident serves as an urgent reminder to all businesses of the importance of robust cybersecurity practices to safeguard against increasing threats in an evolving digital landscape.
(SecurityAffairs – hacking, Change Healthcare)