Skip to main content

The worst health care data breach in history just got worse

A hacker typing on an Apple MacBook laptop while holding a phone. Both devices show code on their screens.
Sora Shimazaki / Pexels

Change Healthcare, a subsidiary of UnitedHealth, initially reported a data breach in October last year that was considered the worst in the industry. The breach, which affected up to 100 million users, has now grown to an alarming 190 million, according to Tech Crunch. Cybercriminals reportedly exploited an employee system that lacked multi-factor authentication.

UnitedHealth confirmed the new numbers for the ransomware attack on Friday. “Change Healthcare has determined the estimated total number of individuals impacted by the Change Healthcare cyberattack is approximately 190 million,” Tyler Mason, a spokesperson for UnitedHealth Group, wrote in an email to TechCrunch.

Recommended Videos

The vast majority of affected people have already received an individual or substitute notice, and UnitedHealth says the final number will be confirmed and filed with the Office for Civil Rights at a later date. The spokesperson said they were “not aware of any misuse of individuals’ information as a result of this incident and had not seen electronic medical record databases appear in the data during the analysis.”

In the meantime, users can only worry about who has access to data such as their Social Security number, driver’s license number, passport number, diagnoses, test results, medications, and health insurance information. Furthermore, when this breach started, those affected also had to deal with widespread disruption of the healthcare system, preventing pharmacies and doctors from accepting discount prescription cards, which resulted in patients paying full price. Pharmacies and doctors could not file claims.

If there is any consolation, those responsible for the breach were found. The BlackCat ransomware gang was responsible for the attack that took 6TB of data. This incident highlights the importance of taking cybersecurity seriously and the necessary precautions to keep your data safe — our roundup of the best antivirus software can help you on that front.

Judy Sanhz
Judy Sanhz is a Digital Trends computing writer covering all computing news. Loves all operating systems and devices.
The 23andMe data breach just keeps getting scarier
A 23andMe kit

The 23andMe breach that took place in October has been confirmed as much worse than originally reported, affecting 6.9 million people, as opposed to the 14,000 users first thought.

Information stolen in the breach included users' full names, birth years, relationship labels, and locations. Approximately 1.4 million users also had Family Tree profile information on the service compromised. Hackers could also access genetic information in the breach, including details about common DNA percentages shared with relatives, and specifics such as chromosome matching, according to a spokesperson.

Read more
A massive data breach has left Intel scrambling for solutions
A render of an Intel Core HX chip.

A security breach in March robbed MSI of up to 1.5TB of sensitive data. However, MSI is not the only company impacted.

As a result of the breach, Intel is now investigating a major leak of Intel Boot Guard keys. The extent of the damage is still unclear, but the worst-case scenario is that the security feature is now useless on compromised devices -- and that's a pretty lengthy list.

Read more
Microsoft data breach exposed sensitive data of 65,000 companies
A depiction of a hacker breaking into a system via the use of code.

Microsoft servers have been subject to a breach that might have affected over 65,000 entities across 111 countries, according to the security research firm, SOCRadar.

SOCRadar claims that it shared with Microsoft its findings, which detailed that a misconfigured Azure Blob Storage was compromised and might have exposed approximately 2.4TB of privileged data, including names, phone numbers, email addresses, company names, and attached files containing proprietary company information, such as proof of concept documents, sales data, product orders, among other information.

Read more