Change Healthcare reports cyberattack, potential wider impact to hospitals
Learn More
Change Healthcare, a health care technology company in the United States and a part of UnitedHealth Group, reported a cyberattack on February 21st 2024 that caused disruptions in numerous systems and services.
In response, the company disconnected its systems to protect its partners and patients, assuring that the issue is isolated to Change Healthcare, with other UnitedHealth Group systems remaining operational.
No details are disclosed about the nature of the attack or any data breached.
The cyberattack's impact may be far reaching since Change Healthcare has merged with UnitedHealth Group's Optum service. The Optum service is offering a broad spectrum of health care services to other hospitals, including technology, data management, pharmacy care, and direct health services. The attack at Change Healthcare may spill over to Optum systems, causing broader negative effect.
The American Hospital Association (AHA) is actively liaising with the FBI, the Department of Health and Human Services, and the Cybersecurity and Infrastructure Security Agency to manage the situation.
Given the extensive impact Optum has across the health care sector, particularly in revenue cycle management, health care technologies, and clinical authorizations, the AHA advises health care organizations affected by the incident or those at potential risk to disconnect from Optum's services until it's safe to reconnect. They also suggest preparing for potential extended service outages by developing contingency plans and downtime procedures.
Update - The disruption caused by Change Healthcare systems being taken offline has led to significant delays in pharmacies across the United States, with one retailer in Michigan urging customers to postpone their medication refills by an additional day if feasible. The impact of the outage is already being felt, with pharmacies nationwide experiencing difficulties in processing prescriptions and delivering services.
The cyberattack is apparently linked to the BlackCat/AlphV ransomware group. BlackCat claim to have stolen 6TB of data from Change Healthcare belonging to "thousands of healthcare providers, insurance providers, pharmacies, etc."
Per BlackCat's statement, the stolen data contains information on millions of people, including:
- medical records
- insurance records
- dental records
- payments information
- claims information
- patients' PII data (i.e., phone numbers, addresses, social security numbers, email addresses, and more)
- active U.S. military/navy personnel PII data
On 15th of April 2024 the RansomHub extortion gang has started to leak what they claim to be corporate and patient data from Change Healthcare supposedly stolen by BlackCat gang. Although Change paid $22 million ransom, BlackCat group apparently scammed their partners in crime and vanished with the money. The hacker "Notchy" who was apparently behind the original hack has teamed up with RansomHub to continue extorting Change Healthcare, threatening to release all stolen data if no agreement is reached.
On 22nd of April 2024 UnitedHealth Group has confirmed that a ransomware attack on its health tech subsidiary Change Healthcare earlier this year resulted in a huge theft of Americans’ private healthcare data. UnitedHealth said in a statement on that a ransomware gang took files containing personal data and protected health information that it says may “cover a substantial proportion of people in America.”
As of 24th of October 2024, Change Healthcare, a subsidiary of UnitedHealth Group reports that the ransomware attack that led to the unauthorized access and exfiltration of sensitive data belonging to over 100 million individuals. UnitedHealth Group initiated notifications to affected individuals and offered free credit monitoring and identity theft protection services.
As of 24th of January 2025, Change Healthcare reports that the estimated total number of individuals impacted by the Change Healthcare cyberattack is approximately 190 million. The final number will be confirmed and filed with the Office for Civil Rights at a later date.
As of 5th of Aufust 2025 Change Healthcare reports that the final total number of individuals impacted by the cyberattack is approximately 192.7 million.
