# US Health Dept Says UnitedHealth Hack Impacted 192.7 Million Consumers’ Data
A recent report by the U.S. Department of Health has confirmed that a massive cyberattack on UnitedHealth's technology unit, Change Healthcare, has affected an unprecedented number of consumers. The breach, disclosed in February, has left 192.7 million individuals' sensitive data vulnerable to theft, marking the largest data breach in the US healthcare industry to date.
The new figures, posted on the list of data breaches maintained by the U.S. health department's office for civil rights, bring the total number of impacted consumers to 192.7 million. While initial estimates had suggested a figure of 190 million, UnitedHealth has confirmed that the actual number is higher due to the complexities of tracking individual state numbers.
The breach, which was carried out by the "Blackcat" ransomware group, caused widespread disruptions nationwide in claims processing and affected patients and providers alike. The hackers infiltrated Change Healthcare's Citrix portal, using compromised credentials to gain remote access to desktops without multi-factor authentication.
"The portal did not have multi-factor authentication," UnitedHealth Group CEO Andrew Witty testified last May. "Once the threat actor gained access, they moved laterally within the systems in more sophisticated ways and exfiltrated data. Ransomware was deployed nine days later."
The attack had a profound impact on Change Healthcare's operations, with the company processing $14 billion in backlogged healthcare claims following the incident. The hackers' actions also exposed sensitive information, including health insurance member IDs, patient diagnoses, treatment information, social security numbers, and billing codes used by providers.
The breach has significant implications for UnitedHealth Group, which could have slashed its profit by $1.6 billion in 2024 if left unchecked. The cyberattack is one of the costliest ever, underscoring the need for robust cybersecurity measures to protect sensitive data in the healthcare industry.
As the healthcare industry continues to navigate the complexities of data protection, it's clear that breaches like this will only become more frequent and devastating unless proactive measures are taken to prevent such incidents.