Largest U.S. healthcare data breach exposes medical records of 100 million customers
A staggering new update has confirmed that February’s UnitedHealth data breach has impacted over 100 million Americans, now marking it as the largest healthcare data breach in U.S. history. But the fallout extends beyond individual patients — it touches entire families, elevating the scope and scale of this unprecedented attack.
The revised figure was disclosed on Oct. 24 by the U.S. Department of Health and Human Services Office for Civil Rights, which updated its data breach portal to reflect the full breadth of the breach. While the attack occurred in February, this latest report is the first official accounting of the impact widespread.
For context, a ransomware group called ALPHV targeted UnitedHealth Change Health's payment processing system in February 2024. As reported by Forbes, the breach didn’t just expose data; it crippled critical services to hospitals, clinics, and medical practices nationwide, causing widespread operational chaos across the healthcare network.
UnitedHealth reportedly paid the ransomware hacker group $22 million in a desperate bid to recover the stolen data and halt further exposure. But in a bold move, the hackers reneged on the deal, pocketing the payout while keeping the data — leaving tens of millions of Americans' information dangling on the dark web.
Here's the statement that Forbes received from UnitedHealth regarding the breach:
“We continue to notify potentially impacted individuals as quickly as possible, on a rolling basis, given the volume and complexity of the data involved and the investigation is still in its final stages. Change continues to update the status of the event and we also issued the substitute notification via the wire. Most importantly, Change Healthcare is also in regular communication with the U.S. Department of Health and Human Services, Office for Civil Rights and other regulators regarding our notification process. We are committed to notifying potentially impacted individuals as quickly as possible. We continually encourage consumers to reach out with questions and take the below steps"
If you suspect that you've been affected by this data breach, Forbes suggests that you monitor your bank and credit card statements, request a credit freeze, and keep an eye out for medical fraud (review insurance statements for any unfamiliar claims and services).