UnitedHealth Group’s subsidiary **Change Healthcare** suffered a **massive cyberattack** in February 2024, attributed to the **BlackCat (ALPHV) ransomware group**. The attack crippled critical systems, disrupting **billing, claims processing, and prescription services** across the U.S. healthcare sector. Hospitals, pharmacies, and providers faced **payment processing outages**, delaying patient care and financial transactions. The breach also exposed **sensitive patient data**, including medical records and personally identifiable information (PII), though the full scope of data theft remains under investigation. UnitedHealth was forced to **isolate affected systems**, leading to prolonged operational disruptions. The incident triggered **federal investigations**, with the U.S. Department of Health and Human Services (HHS) and the FBI involved. The financial and reputational damage was severe, with **stock drops** and **lawsuits** from affected parties. The attack underscored vulnerabilities in healthcare IT infrastructure, raising concerns about **future ransomware threats** to critical services.
TPRM report: https://www.rankiteo.com/company/unitedhealth-group
"id": "uni1362813111425",
"linkid": "unitedhealth-group",
"type": "Ransomware",
"date": "2/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'customers_affected': '81.5 crore (815 million) '
                                              'citizens',
                        'industry': 'healthcare and medical research',
                        'location': 'India',
                        'name': 'Indian Council of Medical Research (ICMR)',
                        'type': 'government agency'}],
 'data_breach': {'data_exfiltration': True,
                 'number_of_records_exposed': '81.5 crore (815 million)',
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'high (includes Aadhaar, passport, and '
                                        'medical data)',
                 'type_of_data_compromised': ['personal identifiable '
                                              'information (PII)',
                                              'medical records',
                                              'government-issued IDs (Aadhaar, '
                                              'passport)']},
 'description': 'A cyberattack on the Indian Council of Medical Research '
                '(ICMR) resulted in a massive data breach exposing sensitive '
                'personal and medical information of approximately 81.5 crore '
                '(815 million) Indian citizens. The breach, attributed to a '
                "threat actor known as 'pwn0001,' involved the sale of the "
                'stolen data on the dark web for $80,000. The compromised data '
                'includes Aadhaar and passport details, names, phone numbers, '
                'and addresses, raising significant concerns over identity '
                'theft and fraud. The ICMR has not yet publicly confirmed the '
                'breach, and the extent of the impact remains under '
                'investigation.',
 'impact': {'brand_reputation_impact': 'high (potential loss of public trust '
                                       "in ICMR's data security)",
            'data_compromised': ['Aadhaar details',
                                 'passport details',
                                 'names',
                                 'phone numbers',
                                 'addresses',
                                 'medical records'],
            'identity_theft_risk': 'high'},
 'initial_access_broker': {'data_sold_on_dark_web': True,
                           'high_value_targets': ['Aadhaar data',
                                                  'passport data',
                                                  'medical records']},
 'investigation_status': 'ongoing (unconfirmed by ICMR)',
 'motivation': ['financial gain', 'data theft'],
 'references': [{'source': 'The Cyber Express',
                 'url': 'https://tinyurl.com/46j93hew'}],
 'threat_actor': 'pwn0001',
 'title': 'Cyberattack on Indian Council of Medical Research (ICMR) Leads to '
          'Data Breach of 81.5 Crore Citizens',
 'type': ['data breach', 'cyberattack']}