Skip to main content

United Healthcare Data Breach Affected 100 Million Individuals

The February cyberattack on UnitedHealth’s (UNH.N) technology division, Change, compromised the personal data of 100 million individuals, as listed on the U.S. Department of Health and Human Services’ data breach records. This incident marks the largest healthcare data breach in U.S. history.

UnitedHealth previously disclosed that hackers may have accessed data for roughly a third of Americans, labeling it one of the most severe cyberattacks to affect the U.S. healthcare industry. Affected individuals began receiving notifications in June. For reference, a breach at Anthem (now Elevance Health, ELV.N) in 2015 impacted nearly 79 million people in the U.S.

UnitedHealth stated that the investigation is in its final phase, with notifications continuing as swiftly as possible. The Change division was infiltrated by the hacking group ALPHV, also known as “BlackCat,” and UnitedHealth initially reported the breach on February 21.

The hack severely disrupted claims processing, affecting patients and healthcare providers nationwide. In June, UnitedHealth issued a public statement about the ransomware attack as part of its obligations to notify the estimated one-third of the U.S. population whose data may have been compromised. Although the full scope of the data breach is unconfirmed, it may include health insurance member IDs, diagnoses, treatment details, Social Security numbers, and provider billing codes.

Earlier this month, UnitedHealth projected a $705 million business impact from this breach, including costs related to massive payment and service disruptions across the U.S. The company has issued billions in loans to providers affected by the hack and incurred significant expenses to inform customers of the data breach.