The US Department of Health and Human Services confirmed that a data breach at Change Healthcare, a UnitedHealth subsidiary, impacted 100 million individuals last February. This cyberattack was carried out by the ransomware hacking group ALPHV, also known as “BlackCat.” The breach affected not only UnitedHealth policyholders but also users of other health insurance carriers that Change Healthcare collaborates with, such as Aetna, Anthem, Blue Cross Blue Shield and Cigna. UnitedHealth CEO Andrew Witty disclosed that the hacker group gained access to an employee’s login credentials and used them to remotely access desktops through an application lacking multifactor authentication. The breach disrupted medical services nationwide, impacting medical claims processing, payment platforms and pharmacy network services.
UnitedHealth has notified all 100 million affected individuals about the breach, although they cannot specify the exact data compromised for each person. Potentially compromised information includes Social Security and passport numbers, patient diagnoses, medical records, billing information, and health insurance plan data. UnitedHealth offers support for impacted individuals through a hotline for additional assistance and provides IDX identity theft protection for up to two years. Individuals are advised to review their healthcare policy for any discrepancies, monitor credit reports for unauthorized activity, check bank accounts for suspicious transactions, freeze credit reports to prevent new credit approvals, and consider signing up for ongoing identity theft protection services.
If you believe your information was compromised in the Change Healthcare breach, the company has a FAQ support page and a hotline for enrollment in identity theft protection. Additionally, individuals should review their healthcare policies, monitor credit reports for unrecognized activity, check bank statements for suspicious transactions, freeze credit reports to prevent new credit approvals, and sign up for identity theft protection services for ongoing monitoring and insurance coverage in case of identity theft. By taking these proactive measures, individuals can protect their personal information and minimize the risk of identity theft resulting from the data breach.
