Change Healthcare Breach Impacted 190 Million Americans

By  |  January 26, 2025
 | 

The biggest medical-related data breach in U.S. history was even larger than first estimated.

    Get the Full Story

    Complete the form to unlock this article and enjoy unlimited free access to all PYMNTS content — no additional logins required.

    yesSubscribe to our daily newsletter, PYMNTS Today.

    By completing this form, you agree to receive marketing communications from PYMNTS and to the sharing of your information with our sponsor, if applicable, in accordance with our Privacy Policy and Terms and Conditions.

    The ransomware attack on UnitedHealth’s Change Healthcare business last year impacted around 190 million people, almost double past estimates, TechCrunch reported Friday (Jan. 24).

    “Change Healthcare has determined the estimated total number of individuals impacted by the Change Healthcare cyberattack is approximately 190 million,” Tyler Mason, a spokesperson for UnitedHealth, wrote in an email to the publication.

    The vast majority of those people have already been provided individual or substitute notice. The final number will be confirmed and filed with the Office for Civil Rights at a later date.” 

    The statement added that the company was “not aware of any misuse of individuals’ information as a result of this incident and has not seen electronic medical record databases appear in the data during the analysis.” 

    Last year’s attack caused months of outages throughout the American healthcare system, as Change is one of the biggest processors of health claims in the country, while also handling vast swaths of health and medical data and patient records.

    Advertisement: Scroll to Continue

    Hackers stole huge amounts of health and insurance-related info, publishing some of it online. Change Healthcare paid at least two ransoms to keep other info from being made public. According to the TechCrunch report, UnitedHealth had previously said around 100 million people were impacted by the breach.

    As PYMNTS wrote last month, the attack was one of several high profile cybersecurity incidents last year, a list that also includes a breach at background check firm National Public Data that led to the stolen information of 2.9 billion people. There was also the Snowflake data breach which encompassed AT&T, Santander Bank, Advance Auto Parts, Ticketmaster parent company LiveNation and more than 160 of the world’s largest companies.

    “But those attacks only scratched the surface of emerging enterprise vulnerabilities,” that report said. “As we enter 2025, the lessons from these breaches are more relevant than ever for businesses navigating the digital frontier.”

    In other cybersecurity news, PYMNTS wrote last week about the rise of artificial intelligence (AI) use in security systems.

    Research by PYMNTS Intelligence shows that the number of chief operating officers (COOs) reporting that their companies have adopted AI-powered automated cybersecurity management systems tripled last year, reaching 55% in August 2024, up from about 17% last May. 

    Each of the COOs surveyed for the research represents a company that generates more than $1 billion in revenue per year.

     


    Recommended

    Cloudflare

    Cloudflare Says It Resolved Services Issues Caused by Software Update

    Healthcare AI Shifts Focus From Diagnosis to Workflow

    Banks Lose Millions as Outdated Billing Drains the Bottom Line

    AI Fraudsters Crash Identity Systems Built for Yesterday

    See More In: , , , , , , , , , , ,