UnitedHealth Hack Hit 100 Million People: US Health Dept

It’s a dangerous, dangerous world out there. Especially in the digital realm where anyone can pretend to be who they wish to be.

On the flip side, people who are just being themselves are also at threat, as their personal data and other key information are held on databases and network servers owned by various businesses and organizations. Of course, these entities use powerful and capable cybersecurity tools to protect data.

However, sometimes these servers or platforms connected to them could throw out bugs or vulnerabilities, leading to data leaks.

This becomes even worse with the addition of highly skilled bad actors who scour the internet with malicious intent. Their plans are simple; steal as much data as possible. This data is then dumped on secret websites, put up for sale, or used as collateral for ransom against businesses and other organizations.

One such case is that of UnitedHealth, which occurred on February 21, 2024.

Here, a cybercriminal group that calls itself ALPHV or BlackCat deployed a ransomware attack on Change Healthcare’s network servers and IT systems, which included encrypting its systems and denying access to the company.

Change Healthcare is UnitedHealthcare’s healthcare technology company that focuses on insights, innovation and accelerating the transformation of the US healthcare system.

At the time, Andrew Witty, CEO of UnitedHealth Group, said, “We are committed to providing relief for people affected by this malicious attack on the U.S. health system. All of us at UnitedHealth Group feel a deep sense of responsibility for recovery and are working tirelessly to ensure that providers can care for their patients and run their practices, and that patients can get their medications. We’re determined to make this right as fast as possible.”

Once the healthcare company became aware of the attack, it immediately disconnected Change Healthcare’s systems to prevent further damage.

However, significant damage was already done. What was left to determine was the extent of the impact.

The hack was one of the worst to hit the US healthcare sector, with UnitedHealth saying the attackers stole 33% of Americans’ data.

Now, we have an official updated number – 100,000,000.

The hack hit and affected the personal information of 100 million people in the United States. In comparison, the second worst attack in at least the last two years is a measly 14 million (14,762,475 to be exact).


As such, the company had begun notifying potentially affected patients in June, while the company said it couldn’t confirm the nature of the data affected by the breach.

The hack also caused widespread disruptions in claims processing across the US, affecting patients and healthcare providers alike.

In May, CEO Andrew Witty also confirmed that the company had paid a ransom of $22 million, saying, “The decision to pay a ransom was mine. This was one of the hardest decisions I’ve ever had to make, and I wouldn’t wish it on anyone.”

Do you think healthcare providers and other organizations connected to the healthcare sector should be required to possess more robust cybersecurity systems before being able to ply their services?

Let us know in the comments below!