UnitedHealth's Data Breach Affected 100 Million Americans. Here's What the Cyberattack Exposed. It's the largest healthcare data breach to date.

By Sherin Shibu Edited by Melissa Malamut

Key Takeaways

  • UnitedHealth Group estimates that 100 million Americans were affected by a February cyberattack, as of a new filing.
  • The cyberattack exposed sensitive information, including health records and personally identifiable information like Social Security numbers.
  • Research conducted by the nonprofit Identity Theft Resource Center shows a rise in data breaches in the U.S.

In February, Change Healthcare, a tech company owned by UnitedHealth Group (UHG), underwent a massive cyberattack that involved paying a $22 million ransom to resolve.

On Thursday, UHG quantified the number of people affected by the attack for the first time, eight months after the breach happened. A new filing in the U.S. Department of Health and Human Services portal on Thursday shows that one-third of the U.S. population, or about 100 million Americans, had their data stolen during the breach.

The cyberattack exposed sensitive health records, like medical diagnoses, test results, medications, and health plans, as well as Social Security numbers and other personally identifiable information.

Related: UnitedHealth Paid Ransom to Cyberhackers After Patients' Personal Data Was Compromised

The scope of the attack makes it the largest healthcare data breach ever, surpassing an Anthem incident in 2015 that affected almost 79 million Americans.

According to a testimony given by UHG CEO Andrew Witty before the House Energy and Commerce Committee, the data breach happened when "criminals used compromised credentials" to get into a Change healthcare portal that did not have multi-factor authentication enabled. Change handles payment processing for 15 billion medical claims per year or about 40% of all claims; UHG acquired it in late 2022.

UHG CEO Andrew Witty. Photo Credit: Tom Williams/CQ-Roll Call, Inc via Getty Images

The cyberattack disrupted daily life — some medical providers, hospitals, and pharmacies were unable to fulfill patient prescriptions and process billing for patients for weeks after it happened.

The U.S. is experiencing an overall increase in data breaches. The nonprofit Identity Theft Resource Center says there has been a 72% rise in incidents from 2021 to 2023.

Related: A Cyberattack on the Largest Health Insurer in the U.S. Could Put Your Prescriptions and Personal Data at Risk
Sherin Shibu

BIZ Experiences Staff

News Reporter

Sherin Shibu is a business news reporter at BIZ Experiences.com. She previously worked for PCMag, Business Insider, The Messenger, and ZDNET as a reporter and copyeditor. Her areas of coverage encompass tech, business, strategy, finance, and even space. She is a Columbia University graduate.

Want to be an BIZ Experiences Leadership Network contributor? Apply now to join.

Editor's Pick

Most Popular

See all
Starting a Business

These Brothers Started a Business to Improve an Everyday Task. They Made Their First Products in the Garage — Now They've Raised Over $100 Million.

Coulter and Trent Lewis had an early research breakthrough that helped them solve for the right problem.

By Amanda Breen
Franchise

How to Prepare Your Business — And Yourself — For a Smooth Exit

After decades of building your business, turning it over to someone else can be emotional. But with the right mindset and a strong plan, it can also be your proudest moment.

By Ray Titus
Data & Recovery

We Found Four of the Top Alternatives to Dropbox That Don't Have Monthly Subscription Fees

All last for life, and not one of them is more than $200.

By BIZ Experiences Store
Business Ideas

70 Small Business Ideas to Start in 2025

We put together a list of the best, most profitable small business ideas for BIZ Experiencess to pursue in 2025.

By Eve Gumpel
Franchise

10 No-Office-Required Businesses You Can Start for as Little as $5,000

With strong Franchise 500 rankings and investment levels starting under $5,000, these brands are ready for new owners to hit the ground running.

By Carl Stoffers
Business News

Here Are the 10 Jobs AI Is Most Likely to Automate, According to a Microsoft Study

These careers are most likely to be affected by generative AI, based on data from 200,000 conversations with Microsoft's Copilot chatbot.

By Sherin Shibu