Change Healthcare, a subsidiary of UnitedHealth, initially reported a data breach in October last year that was considered the worst in the industry. The breach, which affected up to 100 million users, has now grown to an alarming 190 million, according to Tech Crunch. Cybercriminals reportedly exploited an employee system that lacked multi-factor authentication.
UnitedHealth confirmed the new numbers for the ransomware attack on Friday. “Change Healthcare has determined the estimated total number of individuals impacted by the Change Healthcare cyberattack is approximately 190 million,” Tyler Mason, a spokesperson for UnitedHealth Group, wrote in an email to TechCrunch.
The vast majority of affected people have already received an individual or substitute notice, and UnitedHealth says the final number will be confirmed and filed with the Office for Civil Rights at a later date. The spokesperson said they were “not aware of any misuse of individuals’ information as a result of this incident and had not seen electronic medical record databases appear in the data during the analysis.”
In the meantime, users can only worry about who has access to data such as their Social Security number, driver’s license number, passport number, diagnoses, test results, medications, and health insurance information. Furthermore, when this breach started, those affected also had to deal with widespread disruption of the healthcare system, preventing pharmacies and doctors from accepting discount prescription cards, which resulted in patients paying full price. Pharmacies and doctors could not file claims.
If there is any consolation, those responsible for the breach were found. The BlackCat ransomware gang was responsible for the attack that took 6TB of data. This incident highlights the importance of taking cybersecurity seriously and the necessary precautions to keep your data safe — our roundup of the best antivirus software can help you on that front.
