Attack Costs UnitedHealth Group a Staggering $3.1 Billion
Change Healthcare has reported a drastic increase in the number of breach victims, now estimated at 190 million, marking one of the most significant data breaches of 2024. This incident, which saw protected health information compromised, has implications not only for those directly affected but also for the entire healthcare ecosystem.
UnitedHealth Group, the parent company behind Change Healthcare, disclosed that the breach occurred due to a ransomware attack in February 2024. This significant cybersecurity event has now more than doubled the number of victims reported previously to federal regulators, from 100 million to 190 million.
This attack, which already garnered the title of the largest healthcare data breach for 2024 prior to the revision, compromised essential patient information and disrupted the operations of various healthcare providers. “Providers struggled to confirm patient insurance details, impacting patient care and the financial viability of numerous hospitals,” Mike Hamilton, field CISO at Lumifi, noted in a statement to Information Security Media Group.
In October 2024, UnitedHealth Group assessed the costs associated with this incident at $2.5 billion, predicting a rise to $2.9 billion for the fiscal year. As of mid-January 2025, the estimated breach-related expenses have surged to $3.1 billion, as reported in the company's financial statement.
Experts point to a lack of advanced security measures, such as multifactor authentication (MFA), as a contributing factor to the breach. Analysts believe that MFA, had it been implemented effectively, could potentially have thwarted the attack entirely. Mapped to the MITRE ATT&CK framework, the tactics possibly employed in this breach include initial access through credential theft, persistence via backdoor exploits, and privilege escalation techniques.
The attack was attributed to a Western faction of the ALPHV ransomware group, also known as BlackCat, which operates within a broader network of cybercriminals termed “Scattered Spider.” This group is known for leveraging social engineering techniques, particularly when engaging help desk personnel to gain unauthorized access to systems. After UnitedHealth’s reported payment of a $22 million ransom, allegations surfaced suggesting that the cybercriminals attempted an exit scam, deceiving their affiliates and potentially resuming extortion demands via a different ransomware entity.
UnitedHealth Group is currently facing multiple proposed class-action lawsuits related to this breach, as well as legal action initiated by at least one state attorney general. The fallout from this incident underscores the pressing need for robust cybersecurity measures within the healthcare sector to safeguard sensitive patient information against emerging cyber threats.