UnitedHealth Data Breach: Many Americans Exposed on Dark Web

Key Takeaways

  • UnitedHealth Group admits a ransomware attack on Change Healthcare compromised the private healthcare data of a significant portion of Americans.
  • 22 screenshots containing personal data from the breach were temporarily posted on the dark web, raising significant privacy concerns.
  • UnitedHealth Group has implemented several steps to protect individuals potentially impacted by the data breach.

UnitedHealth Group confirmed that an attack on its subsidiary, Change Healthcare, compromised the personal health data of many Americans.

Health insurance leader UnitedHealth Group has acknowledged that an earlier ransomware attack on its subsidiary, Change Healthcare, led to a significant breach that compromised the private healthcare data of a “substantial proportion of people in America.”

Change Healthcare handles insurance and billing for numerous hospitals, pharmacies, and medical practices in the U.S. healthcare industry, accessing extensive health data for approximately half of all Americans.

Overview of Cyber Attack

In early 2024, Change Healthcare, a subsidiary of the major health insurer UnitedHealth Group, experienced a major ransomware attack. The company’s cybersecurity team promptly detected the breach and immediately investigated its scope and impact.

In response to the attack, UnitedHealth Group carried out a thorough initial review of the data to assess the exposure of protected health information (PHI) and personally identifiable information (PII). This review revealed files containing PHI or PII, potentially affecting many people in America.

It was found that a cybercriminal briefly posted 22 screenshots, believed to be from the stolen files containing PHI and PII, on the dark web. Since then, there have been no further disclosures of PHI or PII.

Significantly, no evidence was found of the exfiltration of highly sensitive materials like doctors’ charts or complete medical histories.

The attack raises serious concerns due to Change Healthcare’s vital role in the healthcare sector, notably in data management and claims processing.

Key Impacts on Healthcare Services:


  • Pharmacy Services Disruption: The attack severely disrupted pharmacy service claims systems, impacting nearly 99% of pharmacy operations that depend on Change Healthcare. This disruption critically threatened patient access to medications.
  • Medical Claims Processing: Significant delays occurred in medical claims processing, a key system for reimbursing healthcare providers. The effects were felt throughout the US health system, potentially delaying patient treatments and disrupting provider operations.
  • Payment Processing Slowdown: Change Healthcare’s payment processing capabilities, which are responsible for about 6% of all US healthcare transactions, also suffered. This issue raised concerns about healthcare providers’ financial liquidity, affecting the overall efficiency of the health system.

Current Status of Impacted Services

Following the disruptive ransomware attack on Change Healthcare, significant progress has been made toward restoring the operational capabilities of key services. Here is an update on the current status:

  • Pharmacy Services: Pharmacy services operations have almost completely recovered, reaching near-normal levels. This rapid recovery has been essential in maintaining uninterrupted patient access to medications nationwide.
  • Medical Claims Processing: There has been significant improvement in restoring medical claims processing systems. These systems are now functioning with increased efficiency, which has reduced delays in treatments and payments throughout the US health system.
  • Payment Processing: Payment processing services, which manage a large portion of healthcare transactions, are showing continuous improvement. These services are operating at about 86% of their pre-incident capacity, with ongoing efforts to achieve full functionality.

Despite these improvements, some challenges persist, particularly in fully stabilizing all operational platforms. UnitedHealth Group is actively addressing these issues, taking strong measures to restore and enhance the resilience of its systems against future cyber threats.

Protection Measures

UnitedHealth Group has implemented several steps to protect individuals potentially impacted by the data breach:

  • Free Credit Monitoring: To guard against potential financial fraud, affected individuals are offered free credit monitoring services.
  • Identity Theft Protection Services: These services are designed to prevent identity theft and support quick recovery should any identity fraud occur.
  • Dedicated Support Resources: A dedicated website and call center (1-866-262-5342) have been established. The call center is staffed with trained clinicians who are ready to address concerns and offer guidance on protecting personal information.

Monitoring and Future Safeguards

UnitedHealth Group is vigilantly monitoring the internet and dark web for any further exposure of sensitive data following the cyberattack on Change Healthcare. To enhance its monitoring capabilities, the company has enlisted the help of external cybersecurity experts.

Key monitoring and collaboration efforts:

  • Advanced Monitoring Tools: These continuously scan the Internet and dark web, enabling the company to detect and respond quickly to any signs of data misuse.
  • Expert Cybersecurity Partnerships: UnitedHealth Group collaborates with cybersecurity professionals who analyze and mitigate data breaches.

Additionally, UnitedHealth Group is constantly communicating and cooperating with law enforcement agencies and regulatory bodies. This collaboration is vital for investigating the breach and ensuring compliance with data protection regulations.