What is Change Healthcare Breach?
A February 2024 ransomware attack on UnitedHealth Group's Change Healthcare subsidiary that exposed the medical and personal data of over 100 million Americans — the largest healthcare data breach in US history.
Also known as: UnitedHealth Breach, Change Healthcare Ransomware Attack, UHG Data Breach
The Change Healthcare breach exposed the medical records of over 100 million Americans — roughly 1 in 3 people in the country. It paralyzed the US healthcare system for weeks and demonstrated how a single company's failure can cascade across an entire industry.
What Happened
- February 21, 2024: ALPHV/BlackCat ransomware group attacked Change Healthcare
- Change Healthcare processes 15 billion healthcare transactions per year — roughly 50% of all US medical claims
- The attack shut down claims processing across the entire US healthcare system
- Hospitals, pharmacies, and doctors couldn't process insurance claims for weeks
- UnitedHealth paid a $22 million ransom (which the ransomware group stole from its own affiliates)
- A second extortion attempt followed from a different group ("RansomHub")
What Was Exposed
- Health insurance member IDs
- Medical diagnoses and conditions
- Treatment information and medications
- Social Security numbers
- Billing and claims data
- Personal information (names, addresses, dates of birth)
Scale of Impact
- 100+ million individuals affected (largest healthcare breach in US history)
- Weeks of healthcare disruption — patients couldn't fill prescriptions, providers couldn't bill
- Small medical practices faced financial ruin from inability to process claims
- Total cost to UnitedHealth: estimated $2.5 billion+
Why It Matters
Healthcare Monopoly Risk
Change Healthcare's dominance (processing half of US claims) created a single point of failure for the entire healthcare system. When one company handles everything, one breach affects everyone.
Medical Data Is Forever
Unlike financial data, your medical history cannot be changed. Diagnoses, treatments, and conditions are permanent records that can affect insurance, employment, and personal relationships.
Ransom Was Paid
UnitedHealth confirmed paying the ransom, which funds future attacks and proves ransomware works against healthcare.
How to Protect Your Medical Privacy
- Check if you were affected at UnitedHealth's notification portal
- Monitor your health insurance statements for fraudulent claims
- Freeze your credit — medical identity theft often leads to financial fraud
- Request your medical records and check for unfamiliar entries
- Be wary of follow-up scams — breached data is used for targeted phishing
Related Terms
Data Breach
A security incident where protected, sensitive, or confidential data is accessed, stolen, or exposed by unauthorized individuals. Data breaches can result from hacking, insider threats, lost devices, or misconfigured systems.
HIPAA
The Health Insurance Portability and Accountability Act establishes national standards for protecting sensitive patient health information in the United States, requiring safeguards for electronic health data and giving patients rights over their medical records.
Identity Theft
The fraudulent use of someone's personal information — such as Social Security number, credit card details, or login credentials — to commit crimes or financial fraud.
PII (Personally Identifiable Information)
Any data that can be used to identify a specific individual, including name, address, phone number, email, Social Security number, and biometric data.
Ransomware
Malware that encrypts a victim's files and demands payment (usually cryptocurrency) for the decryption key. Modern ransomware also threatens to publish stolen data if ransom isn't paid (double extortion).
Have more questions?
Use our guided flow to get the right next privacy step for Change Healthcare Breach.
Open Guided Flow