Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Privacy United States

UnitedHealth Data Breach Hits 190 Million Americans in Worst Healthcare Hack (techcrunch.com) 27

Posted by msmash from the burying-big-news-to-Friday dept.
Nearly 190 million Americans were affected by February's cyberattack on UnitedHealth's Change Healthcare unit, almost double initial estimates, the company disclosed Friday. The breach, the largest in U.S. medical history, exposed sensitive data including Social Security numbers, medical records, and financial information.

UnitedHealth said it has not detected misuse of the stolen data or found medical databases among compromised files. Change Healthcare, a major U.S. healthcare claims processor, paid multiple ransoms after Russian-speaking hackers known as ALPHV breached its systems using stolen credentials lacking multi-factor authentication, according to CEO Andrew Witty's testimony to Congress.
This discussion has been archived. No new comments can be posted.

UnitedHealth Data Breach Hits 190 Million Americans in Worst Healthcare Hack More

UnitedHealth Data Breach Hits 190 Million Americans in Worst Healthcare Hack

Comments Filter:

  • Unacceptable (Score:5, Funny)

    by cuda13579 ( 1060440 ) on Friday January 24, 2025 @07:29PM (#65116765)

    The CEO should be shot for allowing this to happen...smh.

  • Did not detect.... (Score:5, Insightful)

    by virtig01 ( 414328 ) on Friday January 24, 2025 @07:37PM (#65116783)

    "UnitedHealth said it has not detected misuse of the stolen data..."

    Yeah, well, they didn't detect the hackers in their system either, so.....

  • Social security numbers are the least secure piece of personal information in the country.

    • Re: (Score:2)

      by jmccue ( 834797 )
      That is my take, with that big credit company breach, forgot the name, been so many of them, everyone's info is out there anyway. Until these CEOs are thrown in prison, not that it will every happen, nothing will be done.

      • Re: (Score:2)

        by tlhIngan ( 30335 )

        It think it was said as a number (190M) only to obscure truth.

        190 million Americans is basically their entire customer base - the population of the US is around 350M people, and thus it's more than half of Americans. Given how big they are, this checks out to likely their entire customer database.

        But by saying "190 million" they wish to obscure that fact - it just sounds like a big number, but not as big a number as "the entire database".

        And yes, they were doing such word games as well trying to get all tha

    • just wait until trump pays musk to build a federal retinal scan instead. just like openAi corp is already pushing in empovered abd desperate argentinians with their world coin kleptocurrency.

      federal retinal ID, for your security and to fight against immigrant AI from china.

  • Opt out (Score:3)

    by ebonum ( 830686 ) on Friday January 24, 2025 @07:53PM (#65116809)

    How do I opt out of electronic records? On a long enough time scale, they will be hacked.
    I'll pay a handling fee for paper records.

  • How did the hackers get in? If a zero-day that's one thing. If they failed to patch or no MFA or default passwords ...

  • Help us Luigi Mangione, you're our only hope! (Score:4, Funny)

    by coopertempleclause ( 7262286 ) on Friday January 24, 2025 @09:24PM (#65116945)
    Just a thought, but instead of paying the hackers after the fact, why not pay competant security auditors beforehand?

    • Re: (Score:2)

      by ebonum ( 830686 )

      It is delusional to think you can actually lock down these records. One insider gets a nice payment, and good security goes out the window.

  • This is why (Score:5, Insightful)

    by nehumanuscrede ( 624750 ) on Friday January 24, 2025 @09:33PM (#65116965)

    This is why I want nothing to do with Digital ID, CBDC and all that nonsense.

    We can't even keep basic sensitive information from being hacked and leaked all
    over the internet as it is because there aren't any real consequences for companies
    who put bare minimum effort into data security.

  • Just figure that your "Social Security numbers, medical records, and financial information" are already out there in someone's hands, and probably several.

  • CEOs should get jail time for allowing data breaches to happen on their watch.

    That'd fix this problem REAL fast.

    As it stands now, the problem is they simply don't care. They've no doubt evaluated the monetary cost to harden their systems and compared it to the monetary cost of the occasional data breach, and concluded that it is cheaper to just ignore the problem and pay for the cleanup afterwards.

  • "Change Healthcare, a major U.S. healthcare claims processor, paid multiple ransoms" It should be illegal for a company to pay a ransom as it just incentivizes more attacks on other companies. Companies should also be required to report to the FBI if they are being extorted over a certain dollar amount so that the government can track this activity. Companies paying millions of dollars to a contractor to "solve" the problem (by paying the ransom) must also be banned. If the company doesn't comply with thes

Slashdot Top Deals

A list is only as strong as its weakest link. -- Don Knuth

Close