UnitedHealth Data Breach Hits 190 Million Americans in Worst Healthcare Hack

Nearly 190 million Americans were affected by February's cyberattack on UnitedHealth's Change Healthcare unit, almost double initial estimates, the company disclosed Friday. The breach, the largest in U.S. medical history, exposed sensitive data including Social Security numbers, medical records, and financial information.

UnitedHealth said it has not detected misuse of the stolen data or found medical databases among compromised files. Change Healthcare, a major U.S. healthcare claims processor, paid multiple ransoms after Russian-speaking hackers known as ALPHV breached its systems using stolen credentials lacking multi-factor authentication, according to CEO Andrew Witty's testimony to Congress.

Unacceptable

[cuda13579]

The CEO should be shot for allowing this to happen...smh.

Re:

[cuda13579]

(even I feel like that was a little "dark"....)

Re:

[ArchieBunker]

Social media was doing active damage control because something like 90% of the replies to the news were the laughing emoji.

This was a rare event when both sides of the political spectrum did a collective "Oh no! Anyway..."

Re:Unacceptable

[cuda13579]

Well...I'm not sure that a 90% response by the type of people that use social media AND would comment on something like that, necessarily represents 90% of society.

Re:

[jargonburn]

So dark....so delicious! :D

Re:

[ACForever]

Hear, hear!

Did not detect....

[virtig01]

"UnitedHealth said it has not detected misuse of the stolen data..."

Yeah, well, they didn't detect the hackers in their system either, so.....

Re:

[ACForever]

they just denied it and refused to defend againt it then the data was deposed

So?

[RogueWarrior65]

Social security numbers are the least secure piece of personal information in the country.

Re:

[jmccue]

That is my take, with that big credit company breach, forgot the name, been so many of them, everyone's info is out there anyway. Until these CEOs are thrown in prison, not that it will every happen, nothing will be done.

Re:

[tlhIngan]

It think it was said as a number (190M) only to obscure truth.

190 million Americans is basically their entire customer base - the population of the US is around 350M people, and thus it's more than half of Americans. Given how big they are, this checks out to likely their entire customer database.

But by saying "190 million" they wish to obscure that fact - it just sounds like a big number, but not as big a number as "the entire database".

And yes, they were doing such word games as well trying to get all tha

Re: So?

[nazsco]

just wait until trump pays musk to build a federal retinal scan instead. just like openAi corp is already pushing in empovered abd desperate argentinians with their world coin kleptocurrency.

federal retinal ID, for your security and to fight against immigrant AI from china.

Opt out

[ebonum]

How do I opt out of electronic records? On a long enough time scale, they will be hacked.
I'll pay a handling fee for paper records.

epic has all of your info anyways!

[Joe_Dragon]

epic has all of your info anyways!

Re:

[DrMrLordX]

You mean Tencent.

Re:

[Joe_Dragon]

no epic healthcare

What was the cause?

[schwit1]

How did the hackers get in? If a zero-day that's one thing. If they failed to patch or no MFA or default passwords ...

Help us Luigi Mangione, you're our only hope!

[coopertempleclause]

Just a thought, but instead of paying the hackers after the fact, why not pay competant security auditors beforehand?

Re:

[ebonum]

It is delusional to think you can actually lock down these records. One insider gets a nice payment, and good security goes out the window.

Re:

[coopertempleclause]

Do you have any proof whatsoever that that is what happened in this case? We'll wait...

This is why

[nehumanuscrede]

This is why I want nothing to do with Digital ID, CBDC and all that nonsense.

We can't even keep basic sensitive information from being hacked and leaked all
over the internet as it is because there aren't any real consequences for companies
who put bare minimum effort into data security.

Just figure

[ZipNada]

Just figure that your "Social Security numbers, medical records, and financial information" are already out there in someone's hands, and probably several.

Jail time

[andyring]

CEOs should get jail time for allowing data breaches to happen on their watch.

That'd fix this problem REAL fast.

As it stands now, the problem is they simply don't care. They've no doubt evaluated the monetary cost to harden their systems and compared it to the monetary cost of the occasional data breach, and concluded that it is cheaper to just ignore the problem and pay for the cleanup afterwards.

Re: Jail time

[fluffernutter]

And with Trump in office they will care less.