{"id":25714,"date":"2025-01-27T07:10:10","date_gmt":"2025-01-27T15:10:10","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2025\/01\/27\/news-19437\/"},"modified":"2025-01-27T07:10:10","modified_gmt":"2025-01-27T15:10:10","slug":"news-19437","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2025\/01\/27\/news-19437\/","title":{"rendered":"UnitedHealth almost doubles victim numbers from massive Change Healthcare data breach"},"content":{"rendered":"\n<p>UnitedHealth <a href=\"https:\/\/techcrunch.com\/2025\/01\/24\/unitedhealth-confirms-190-million-americans-affected-by-change-healthcare-data-breach\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">says it now estimates<\/a> that the data breach on its subsidiary Change Healthcare affected 190 million people, nearly doubling its previous estimate from October.<\/p>\n<p>In May, UnitedHealth CEO Andrew Witty estimated that the ransomware attack compromised the data of a third of US individuals when he testified before the Senate Finance Committee on Capitol Hill. In October, this was largely confirmed when <a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2024\/10\/100-million-us-citizens-officially-impacted-by-change-healthcare-data-breach\">Change Healthcare reported a number of 100,000,000 affected individuals<\/a>.<\/p>\n<p>Besides the enormous number of victims, the story behind this ransomware attack is also very complex, because of the cybercriminals involved and how the first group that received the ransom payment disappeared without paying their affiliates.<\/p>\n<p>The ALPHV\/BlackCat ransomware group claimed the initial attack. The UnitedHealth Group reportedly paid <a href=\"https:\/\/www.threatdown.com\/blog\/ransomware-group-starts-leaking-change-healthcare-data\/\" target=\"_blank\" rel=\"noreferrer noopener\">$22 million<\/a> to receive a decryptor and to prevent the attackers from publicly releasing the stolen data.<\/p>\n<p>But shortly after the payment, ALPHV disappeared in an unconvincing exit scam designed to make it look as if the group\u2019s website had been seized by the FBI, forgetting to pay its affiliates in the process. A month later, newcomer ransomware group RansomHub listed Change Healthcare as a victim on its own website, claiming to have the data that ALPHV stole.<\/p>\n<p>According to <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/unitedhealth-now-says-190-million-impacted-by-2024-data-breach\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">BleepingComputer<\/a>, the original attackers joined forces with RansomHub and never deleted the data. A few days later, the listing on the RansomHub leaks site disappeared, which usually means someone paid the ransom.<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-stolen-information\">Stolen information<\/h2>\n<p>The data breach at Change Healthcare is the largest healthcare data breach in US history. Although Change Healthcare provided\u00a0<a href=\"https:\/\/www.changehealthcare.com\/hipaa-substitute-notice?udm=14\" target=\"_blank\" rel=\"noreferrer noopener\">details<\/a> about\u00a0the types of medical and patient data that was stolen, it can\u2019t provide exact details for every individual. However, the exposed information may include:<\/p>\n<ul class=\"wp-block-list\">\n<li>Contact information: Names, addresses, dates of birth, phone numbers, and email addresses.<\/li>\n<li>Health insurance information: Details about primary, secondary, or other health plans\/policies, insurance companies, member\/group ID numbers, and Medicaid-Medicare-government payor ID numbers.<\/li>\n<li>Health information: Medical record numbers, providers, diagnoses, medicines, test results, images, and details of care and treatment.<\/li>\n<li>Billing, claims, and payment information: Claim numbers, account numbers, billing codes, payment card details, financial and banking information, payments made, and balances due.<\/li>\n<li>Other personal information: Social Security numbers, driver\u2019s license or state ID numbers, and passport numbers.<\/li>\n<\/ul>\n<p>Change Healthcare added:<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cThe information that may have been involved will not be the same for every impacted individual. To date, we have not yet seen full medical histories appear in the data review.\u201d<\/p>\n<\/blockquote>\n<h2 class=\"wp-block-heading\" id=\"h-protecting-yourself-after-a-data-breach\">Protecting yourself after a data breach<\/h2>\n<p>There are some actions you can take if you are, or suspect you may have been, the&nbsp;<a href=\"https:\/\/www.malwarebytes.com\/blog\/personal\/2023\/09\/involved-in-a-data-breach-heres-what-you-need-to-know\">victim of a data breach<\/a>.<\/p>\n<ul class=\"wp-block-list\">\n<li><strong>Check the vendor\u2019s advice.<\/strong>&nbsp;Every breach is different, so check with the vendor to find out what\u2019s happened and follow any specific advice they offer.<\/li>\n<li><strong>Change your password.<\/strong>&nbsp;You can make a stolen password useless to thieves by changing it. Choose a&nbsp;<a href=\"https:\/\/www.malwarebytes.com\/computer\/how-to-create-a-strong-password\" target=\"_blank\" rel=\"noreferrer noopener\">strong password<\/a>&nbsp;that you don\u2019t use for anything else. Better yet, let a&nbsp;<a href=\"https:\/\/www.malwarebytes.com\/what-is-password-manager\" target=\"_blank\" rel=\"noreferrer noopener\">password manager<\/a>&nbsp;choose one for you.<\/li>\n<li><strong>Enable two-factor authentication (2FA).<\/strong>&nbsp;If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of&nbsp;<a href=\"https:\/\/www.malwarebytes.com\/glossary\/multi-factor-authentication-mfa\" target=\"_blank\" rel=\"noreferrer noopener\">two-factor authentication (2FA)<\/a>&nbsp;can be phished just as easily as a password. 2FA that relies on a FIDO2 device can\u2019t be phished.<\/li>\n<li><strong>Watch out for fake vendors.<\/strong>&nbsp;The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify the&nbsp;identity of anyone who contacts you&nbsp;using a different communication channel.<\/li>\n<li><strong>Take your time.<\/strong>&nbsp;Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.<\/li>\n<li><strong>Consider not storing your card details<\/strong>. It\u2019s definitely more convenient to get sites to remember your card details for you, but we highly recommend not storing that information on websites.<\/li>\n<li><strong>Set up identity monitoring.<\/strong>&nbsp;<a href=\"https:\/\/go.cyrus.app\/MN4j\/fkkekmw9\" target=\"_blank\" rel=\"noreferrer noopener\">Identity monitoring<\/a>&nbsp;alerts you if your personal information is found being traded illegally online, and helps you recover after.<\/li>\n<\/ul>\n<h2 class=\"wp-block-heading\" id=\"h-check-your-digital-footprint\">Check your digital footprint<\/h2>\n<p>Malwarebytes has a free tool for you to check how much of your personal data has been exposed online. Submit your email address (it\u2019s best to give the one you most frequently use) to our\u00a0<a href=\"https:\/\/www.malwarebytes.com\/digital-footprint\">free Digital Footprint scan<\/a>\u00a0and we\u2019ll give you a report and recommendations.<\/p>\n<div class=\"wp-block-malware-bytes-button mb-button\" id=\"mb-button-7ba16f0b-04e8-4679-9512-2f21a0971dcf\">\n<div class=\"mb-button__row u-justify-content-center\">\n<div class=\"mb-button__item mb-button-item-0\">\n<p class=\"btn-main\"><a href=\"https:\/\/www.malwarebytes.com\/digital-footprint?utm_source=blog&amp;utm_medium=social&amp;utm_campaign=b2c_pro_acq_fy25dfplaunch_171269600960&amp;utm_content=V1\"><\/a><a href=\"https:\/\/www.malwarebytes.com\/digital-footprint\">SCAN NOW<\/a><\/p>\n<\/div>\n<\/div>\n<\/div>\n<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2025\/01\/unitedhealth-almost-doubles-victim-numbers-from-massive-change-healthcare-data-breach\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p> UnitedHealth now estimates that 190 million people were affected by the massive Change Healthcare data breach nearly a year ago. <\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[32074,11172,32,5897,3765,30958],"class_list":["post-25714","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-change-helathcare","tag-data-breach","tag-news","tag-privacy","tag-ransomware","tag-unitedhealth"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/25714","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=25714"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/25714\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=25714"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=25714"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=25714"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}