Massive Ransomware Attack on Change Healthcare
- UnitedHealth-owned Change Healthcare experienced a massive ransomware attack.
- The attack is considered one of the biggest data breaches in U.S. medical data history.
- The cyberattack timeline sheds light on the severity of the breach and its implications.
A ransomware attack on Change Healthcare, a health tech company owned by UnitedHealth, has emerged as one of the largest data breaches in U.S. history, impacting a significant portion of the American population. Following the cyberattack in February, many individuals are now receiving notifications that their personal and health information was compromised. Initially misattributed to state-sponsored hackers, UnitedHealth later clarified that the breach was executed by the ALPHV/BlackCat ransomware gang.

The ALPHV group claimed responsibility for the attack, asserting that they stole sensitive health data from millions of Americans and demanded a ransom of $22 million. Despite UnitedHealth's payment of the ransom, the hackers retained the stolen data, prompting Change Healthcare to begin the arduous process of identifying affected individuals. By late March, the U.S. government increased its bounty for information on the gang's leadership, highlighting the severity of the situation. In mid-April, the affiliate responsible for the breach launched a new extortion scheme called RansomHub, further complicating the aftermath of the attack.

On April 22, UnitedHealth confirmed the data breach, estimating that it could affect about one-third of the U.S. population, aligning with the number of healthcare claims processed by Change Healthcare. The company has since initiated a rolling notification process to inform those whose data was compromised, detailing the types of stolen information, including medical records and financial data.