Skip to main content

Independent journalism powered by readers like you.

Sign Up Free

Change Healthcare Ransomware: The Largest Healthcare Breach

criticalongoingBy OPV Privacy Desk||9 min read

The Change Healthcare ransomware attack in February 2024 exposed protected health information of approximately 100 million Americans, making it the largest healthcare breach in US history. The attack disrupted prescription processing, medical billing, and healthcare operations nationwide for weeks. Parent company UnitedHealth Group paid $22 million ransom to BlackCat ransomware group. The breach exposed names, addresses, dates of birth, Social Security numbers, medical records, billing information, and insurance details.

Attack Details

The ALPHV/BlackCat ransomware group accessed Change Healthcare systems through a Citrix portal that lacked multi-factor authentication. The attackers exfiltrated approximately 6 TB of data over weeks before deploying ransomware. Initial detection on February 21, 2024 led to system shutdown that disrupted healthcare nationwide. UnitedHealth paid $22 million ransom but data was still leaked online by an affiliated group.

Healthcare Disruption

The attack disrupted prescription processing affecting pharmacy claims for weeks. Medical providers could not bill insurance and faced cash flow crises. Some patients could not fill prescriptions or receive elective care. The HHS issued guidance allowing flexibility in claims processing. The disruption demonstrated the systemic risk of healthcare technology consolidation under one company.

Regulatory Response

HHS opened investigations into Change Healthcare cybersecurity practices. Congressional hearings examined the lack of basic security controls including MFA. UnitedHealth Group acknowledged the absence of MFA on the compromised system. Class action lawsuits proceed against UnitedHealth. The breach contributed to legislative proposals for healthcare cybersecurity requirements.

Key Findings

  • Approximately 100 million Americans had protected health information exposed in the breach
  • UnitedHealth Group paid $22 million ransom to BlackCat ransomware group
  • Compromised Citrix portal lacked basic multi-factor authentication

Timeline

Change Healthcare detects ransomware attack

UnitedHealth pays $22 million ransom

HHS confirms 100 million affected individuals

Affected Parties

100 million patients with exposed PHIHealthcare providers facing billing disruptionPharmacies unable to process claimsHHS Office for Civil Rights investigators

SeekerPro

Unlock Premium Intelligence. $15.99/mo. Cancel anytime.

Learn more →

NexusBro

Audit any website in 60 seconds. Free QA report.

Learn more →

BliniBot

AI task automation. 5 free queries. No signup.

Learn more →

Related Privacy Alerts

23andMe DNA Data Breach: 6.9 Million Users ExposedHow to Delete Your Google Activity Data CompletelyGDPR Enforcement 2026: Record Fines and New PrecedentsBrave Browser Privacy Guide: Complete ConfigurationRansomware Protection: Personal and Small Business Guide

Explore Across Platforms

OPHGoogle Corporate ProfileNoizzCompare Privacy Tools

Frequently Asked Questions

How many people were affected?
Approximately 100 million Americans had protected health information exposed, making this the largest healthcare data breach in US history.
What data was stolen?
Names, addresses, dates of birth, Social Security numbers, medical records, billing information, and insurance details. The exact data varied by individual.
Was the ransom paid?
UnitedHealth Group paid $22 million to BlackCat ransomware group. Despite payment, data was still leaked online by an affiliated group, demonstrating that ransom payment does not guarantee data protection.

SeekerPro

Unlock Premium Intelligence. $15.99/mo. Cancel anytime.

Learn more →

NexusBro

Audit any website in 60 seconds. Free QA report.

Learn more →

BliniBot

AI task automation. 5 free queries. No signup.

Learn more →

Sources

Stay informed. Take action.

Join the community holding corporations accountable.

Join 23,000+ readers who trust OPV for independent analysis

Get SeekerPro — $15.99/moSign Up FreeExplore Trending Stories

Cancel anytime. No commitment required.

Tools We Recommend

Is your website performing?

Free AI-powered QA audit. Find and fix issues in minutes.

Run Free Audit

Automate your marketing

AI-powered content creation, scheduling, and analytics.

Try Free

AI assistant that acts

Chat, automate tasks, browse the web. Your AI agent.

Chat Now

Want the Full Story?

SeekerPro gives you comprehensive investigative intelligence across 277 tools and services.

Try SeekerPro Free for 14 Days

$15.99/mo after trial. Cancel anytime.

Get the Inside Scoop

Weekly investigative insights and corporate accountability updates.

No spam. Unsubscribe anytime.

Visit Blossend.com →

Explore the full portfolio of independent AI tools and editorial properties at blossend.com.