UnitedHealth Confirms Hack Impacted 100 Million Americans

UnitedHealth has confirmed, for the first time, that the data of 100 million American citizens were compromised in the hack earlier in the year.

The February cyberattack targeted UnitedHealth’s Change Healthcare unit. The U.S. Department of Health and Human Services Office for Civil Rights (OCR) was notified by Change Healthcare that “approximately 100 million individual notices have been sent regarding this breach,” according to an Oct. 24 update on the federal agency’s website, with its data breach portal reflecting the revised numbers.

In May, during a House Oversight and Investigations Subcommittee hearing on the hacking incident, UnitedHealth CEO Sir Andrew Witty told lawmakers that the breach impacted a third of Americans, who could have had their sensitive health information leaked to the dark web. The 100-million mark makes the incident the largest-ever health care data breach in the country.

The total yearly estimated costs of the cyberattack are $2.87 billion, based on UnitedHealth Group’s Q3 report, published this month—up from the $2.45 billion estimated in July. Revenues for the corporation went up nearly $8.5 billion to $100.8 billion in the third quarter, with commercial domestic customers increasing by 2.4 million yearly.

According to Change Healthcare (CHC), the data breach could be different for each impacted individual, with information such as first and last name, address, date of birth, phone number, and email falling into the hands of malicious actors.

Other than basic identification, hackers would have acquired health insurance information, including primary, secondary, or other health plans/policies, insurance companies, and Medicaid-Medicare-government payor ID numbers, as well as medical record numbers, providers, diagnoses, medicines, test results, images, care, and treatment.

Other breached information includes billing, claims, and payment information such as payment cards, financial and banking information, Social Security numbers, driver’s licenses or state ID numbers, and passport numbers. This information could be related to patients or guarantors who paid bills for health care services.

“The attack occurred because UnitedHealth wasn’t using multifactor authentication [MFA], which is an industry standard practice, to secure one of their most critical systems,” according to an Oversight and Investigations Subcommittee report published in May.
