{"id":25379,"date":"2024-10-25T09:10:09","date_gmt":"2024-10-25T17:10:09","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2024\/10\/25\/news-19109\/"},"modified":"2024-10-25T09:10:09","modified_gmt":"2024-10-25T17:10:09","slug":"news-19109","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2024\/10\/25\/news-19109\/","title":{"rendered":"100 million US citizens officially impacted by Change Healthcare data breach"},"content":{"rendered":"\n<p>In April, we <a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2024\/04\/substantial-proportion-of-americans-may-have-had-health-and-personal-data-stolen-in-change-healthcare-breach\">reported<\/a> that a \u201csubstantial proportion\u201d of Americans may have had their health and personal data stolen in the Change Healthcare breach. That was based on a <a href=\"https:\/\/www.unitedhealthgroup.com\/newsroom\/2024\/2024-04-22-uhg-updates-on-change-healthcare-cyberattack.html\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">report<\/a> provided by the UnitedHealth Group after\u00a0the February cyberattack on its subsidiary Change Healthcare.<\/p>\n<p>The attack on Change Healthcare, which processes about 50% of US medical claims, was one of the worst ransomware attacks against American healthcare and caused widespread disruption in payments to doctors and health facilities.<\/p>\n<p>UnitedHealth CEO Andrew Witty estimated the attack compromised the data of a <a href=\"https:\/\/www.healthcaredive.com\/news\/change-healthcare-cyberattack-congress-unitedhealth-andrew-witty\/714954\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">third of US individuals<\/a> when he testified before the Senate Finance Committee on Capitol Hill on May 1, 2024 in Washington, DC.<\/p>\n<p>He wasn\u2019t exaggerating. Yesterday, Change Healthcare reported a number of 100,000,000 affected individuals on the <a href=\"https:\/\/ocrportal.hhs.gov\/ocr\/breach\/breach_report.jsf\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">breach portal of the US Department of Health and Human Services<\/a> (HHS).<\/p>\n<figure class=\"wp-block-image aligncenter size-full\"><img decoding=\"async\" loading=\"lazy\" width=\"850\" height=\"161\" src=\"https:\/\/www.malwarebytes.com\/wp-content\/uploads\/sites\/2\/2024\/10\/Data_entry.png\" alt=\"Change HelathCare, Inc. entry in data breach portal HHS showing 100000000 Individuals Affected by Hacking\/IT Incident\" class=\"wp-image-119622\" \/><\/figure>\n<p>The Office for Civil Rights (OCR) at the HHS confirmed that it prioritized and opened investigations of Change Healthcare and UnitedHealth Group, focused on whether a breach of protected health information (PHI) occurred and on the entities\u2019 compliance with the <a href=\"https:\/\/www.hhs.gov\/hipaa\/index.html\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Health Insurance Portability and Accountability Act of 1996 (HIPAA) Rules<\/a>. OCR did this because of the cyberattack\u2019s unprecedented impact on patient care and privacy.<\/p>\n<p>On July 19, 2024, Change Healthcare filed a breach report with OCR that identified 500 individuals as the \u201capproximate number of individuals affected.\u201d This is the minimum number of individuals affected that results in a posting of a breach on the HHS Breach Portal, and it was perhaps cited because Change Healthcare still needed to determine the actual number of impacted users.<\/p>\n<p>Acting Director of the Office for Civil Rights at the US Department of Health &amp; Human Services Melanie Fontes Rainer said about 140 million people were affected by large breaches in 2023, up from 51 million in 2022. And 2024 looks even worse, she added:<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cAnd this year, with both the Change breach and Ascension breach, we expect that number to potentially double or go higher.\u201d<\/p>\n<\/blockquote>\n<p>Affected people can visit a dedicated website at&nbsp;<a href=\"http:\/\/changecybersupport.com\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">changecybersupport.com<\/a>&nbsp;to get more information or call 1-866-262-5342 to set up free credit monitoring and identity theft protection.<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-protecting-yourself-after-a-data-breach\"><strong>Protecting yourself after a data breach<\/strong><\/h2>\n<p>There are some actions you can take if you are, or suspect you may have been, the&nbsp;<a href=\"https:\/\/www.malwarebytes.com\/blog\/personal\/2023\/09\/involved-in-a-data-breach-heres-what-you-need-to-know\">victim of a data breach<\/a>.<\/p>\n<ul>\n<li><strong>Check the vendor\u2019s advice.<\/strong>&nbsp;Every breach is different, so check with the vendor to find out what\u2019s happened, and follow any specific advice they offer.<\/li>\n<li><strong>Change your password.<\/strong>&nbsp;You can make a stolen password useless to thieves by changing it. Choose a&nbsp;<a href=\"https:\/\/www.malwarebytes.com\/computer\/how-to-create-a-strong-password\" target=\"_blank\" rel=\"noreferrer noopener\">strong password<\/a>&nbsp;that you don\u2019t use for anything else. Better yet, let a&nbsp;<a href=\"https:\/\/www.malwarebytes.com\/what-is-password-manager\" target=\"_blank\" rel=\"noreferrer noopener\">password manager<\/a>&nbsp;choose one for you.<\/li>\n<li><strong>Enable two-factor authentication (2FA).<\/strong>&nbsp;If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of&nbsp;<a href=\"https:\/\/www.malwarebytes.com\/glossary\/multi-factor-authentication-mfa\" target=\"_blank\" rel=\"noreferrer noopener\">two-factor authentication (2FA)<\/a>&nbsp;can be phished just as easily as a password. 2FA that relies on a FIDO2 device can\u2019t be phished.<\/li>\n<li><strong>Watch out for fake vendors.<\/strong>&nbsp;The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify the&nbsp;identity of anyone who contacts you&nbsp;using a different communication channel.<\/li>\n<li><strong>Take your time.<\/strong>&nbsp;Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.<\/li>\n<li><strong>Consider not storing your card details<\/strong>. It\u2019s definitely more convenient to get sites to remember your card details for you, but we highly recommend not storing that information on websites.<\/li>\n<li><strong>Set up identity monitoring.<\/strong>&nbsp;<a href=\"https:\/\/go.cyrus.app\/MN4j\/fkkekmw9\" target=\"_blank\" rel=\"noreferrer noopener\">Identity monitoring<\/a>&nbsp;alerts you if your personal information is found being traded illegally online, and helps you recover after.<\/li>\n<\/ul>\n<h2 class=\"wp-block-heading\" id=\"h-check-your-digital-footprint\"><strong>Check your digital footprint<\/strong><\/h2>\n<p>Malwarebytes has a new free tool for you to check how much of your personal data has been exposed online. Submit your email address (it\u2019s best to give the one you most frequently use) to our&nbsp;<a href=\"https:\/\/www.malwarebytes.com\/digital-footprint\">free Digital Footprint scan<\/a>&nbsp;and we\u2019ll give you a report and recommendations.<\/p>\n<\/p>\n<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2024\/10\/100-million-us-citizens-officially-impacted-by-change-healthcare-data-breach\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p> Change Healtcare has confrimed that at least 100M US citizens personal data were impacted by their February data breach <\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[30957,18651,32,5897,30958],"class_list":["post-25379","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-change-healthcare","tag-hhs","tag-news","tag-privacy","tag-unitedhealth"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/25379","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=25379"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/25379\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=25379"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=25379"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=25379"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}