The UnitedHealth cyberattack in February 2024 exposed the sensitive health data of over 100 million Americans, making it the largest U.S. healthcare data breach. The ransomware group responsible is known as BlackCat.
Extent of the Breach
Over 100 million individuals were impacted by the UnitedHealth cyberattack, which ranks as the largest healthcare data breach in U.S. history. The attack exposed sensitive information including medical diagnoses and Social Security numbers. Change Healthcare, a major UnitedHealth subsidiary, was specifically targeted, leading to unprecedented disruptions across various healthcare systems.
The breach exposed the health data of nearly a third of all Americans. In response, UnitedHealth implemented multi-factor authentication across internal systems, aiming to bolster its cybersecurity measures and prevent future breaches of this magnitude.
UnitedHealth says over 100M people had their data stolen in the February ransomware attack on Change Healthcare, the largest-ever US healthcare data breach (@lawrenceabrams / BleepingComputer) https://t.co/DMt8INudAh
— Techmeme (@Techmeme) October 25, 2024
Perpetrators and Methods
ALPHV, also known as BlackCat, conducted the ransomware attack. Using stolen employee credentials and exploiting the lack of multi-factor authentication on Citrix remote access services, the group succeeded in infiltrating UnitedHealth’s systems. They gained extensive access to sensitive data, demonstrating significant flaws in existing cybersecurity protocols.
As reported by BleepingComputer, UnitedHealth CEO Andrew Witty’s written testimony to a House committee said the threat actors got in by using stolen credentials for a Citrix remote access service that lacked multi-factor authentication.
Despite UnitedHealth paying a $22 million ransom, assurances regarding the deletion of compromised data remain dubious. ALPHV reportedly shut down its servers post-payment, yet concrete proof of data erasure is unavailable, prolonging concerns about future unauthorized information use.
Healthcare data and personal information of more than 100 million people was stolen in the ransomware attack on Change Healthcare in February, UnitedHealth has confirmed for the first time. https://t.co/BMrMUP0jze
— KOAA News5 (@KOAA) October 28, 2024
Repercussions and Responses
The attack caused significant disruptions in healthcare operations, affecting billing, claims, and prescription processes. UnitedHealth and Change Healthcare issued public notices over multiple months, detailing the breach’s impact on affected individuals. Meanwhile, federal investigations into the specifics of the breach and the subsequent actions continue.
This breach underscores the dire need for robust cybersecurity frameworks within the healthcare industry. Ensuring adequate protections, like enhanced authentication measures, remains paramount for safeguarding sensitive information against sophisticated cyber threats.