Change Healthcare Breach Impacted 190 Million Americans

The biggest medical-related data breach in U.S. history was even larger than first estimated.

The ransomware attack on UnitedHealth’s Change Healthcare business last year impacted around 190 million people, almost double past estimates, TechCrunch reported Friday (Jan. 24).

“Change Healthcare has determined the estimated total number of individuals impacted by the Change Healthcare cyberattack is approximately 190 million,” Tyler Mason, a spokesperson for UnitedHealth, wrote in an email to the publication.

“The vast majority of those people have already been provided individual or substitute notice. The final number will be confirmed and filed with the Office for Civil Rights at a later date.” 

The statement added that the company was “not aware of any misuse of individuals’ information as a result of this incident and has not seen electronic medical record databases appear in the data during the analysis.” 

Last year’s attack caused months of outages throughout the American healthcare system, as Change is one of the biggest processors of health claims in the country, while also handling vast swaths of health and medical data and patient records.

Hackers stole huge amounts of health and insurance-related info, publishing some of it online. Change Healthcare paid at least two ransoms to keep other info from being made public. According to the TechCrunch report, UnitedHealth had previously said around 100 million people were impacted by the breach.

As PYMNTS wrote last month, the attack was one of several high profile cybersecurity incidents last year, a list that also includes a breach at background check firm National Public Data that led to the stolen information of 2.9 billion people. There was also the Snowflake data breach which encompassed AT&T, Santander Bank, Advance Auto Parts, Ticketmaster parent company LiveNation and more than 160 of the world’s largest companies.

“But those attacks only scratched the surface of emerging enterprise vulnerabilities,” that report said. “As we enter 2025, the lessons from these breaches are more relevant than ever for businesses navigating the digital frontier.”

In other cybersecurity news, PYMNTS wrote last week about the rise of artificial intelligence (AI) use in security systems.

Research by PYMNTS Intelligence shows that the number of chief operating officers (COOs) reporting that their companies have adopted AI-powered automated cybersecurity management systems tripled last year, reaching 55% in August 2024, up from about 17% last May. 

Each of the COOs surveyed for the research represents a company that generates more than $1 billion in revenue per year.

The post Change Healthcare Breach Impacted 190 Million Americans appeared first on PYMNTS.com.