Cyberattack Disrupts Major U.S. Healthcare Provider, Exposing Patient Data
A ransomware attack on Change Healthcare, a key subsidiary of UnitedHealth Group (UHG), has caused widespread disruptions across the U.S. healthcare system, delaying payments, prescriptions, and critical medical services. The incident, first detected on February 21, 2024, forced the company to take its systems offline, severing connections with pharmacies, hospitals, and insurers nationwide.
The attack has been attributed to the BlackCat (ALPHV) ransomware group, which claimed responsibility and allegedly stole 6 terabytes of sensitive data, including patient records, insurance details, and billing information. While UHG has not confirmed whether a ransom was paid, reports suggest the group received a $22 million payment, one of the largest known ransomware payouts to date.
The fallout has been severe: pharmacies reported delays in processing prescriptions, healthcare providers faced interruptions in claims processing, and some patients experienced denied or delayed care due to system outages. The U.S. Department of Health and Human Services (HHS) and the Cybersecurity and Infrastructure Security Agency (CISA) are investigating the breach, which has raised concerns about the vulnerability of healthcare infrastructure to cyber threats.
Change Healthcare processes 15 billion healthcare transactions annually, making this one of the most significant cyber incidents to hit the U.S. medical sector. Recovery efforts are ongoing, but the full extent of the data exposure and long-term operational impact remains unclear. The attack underscores the growing risk of ransomware targeting critical healthcare systems, where disruptions can directly endanger patient safety.
UnitedHealth Group TPRM report: https://www.rankiteo.com/company/unitedhealth-group
Change Healthcare TPRM report: https://www.rankiteo.com/company/change-healthcare
"id": "unicha1778149488",
"linkid": "unitedhealth-group, change-healthcare",
"type": "Ransomware",
"date": "5/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': 'Pharmacies, hospitals, '
                                              'insurers, patients nationwide',
                        'industry': 'Healthcare',
                        'location': 'United States',
                        'name': 'Change Healthcare',
                        'size': 'Large (subsidiary of UnitedHealth Group)',
                        'type': 'Healthcare technology/services'}],
 'data_breach': {'data_encryption': 'Yes (ransomware encryption)',
                 'data_exfiltration': 'Yes',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Patient records',
                                              'Insurance details',
                                              'Billing information']},
 'date_detected': '2024-02-21',
 'description': 'A ransomware attack on Change Healthcare, a key subsidiary of '
                'UnitedHealth Group (UHG), caused widespread disruptions '
                'across the U.S. healthcare system, delaying payments, '
                'prescriptions, and critical medical services. The incident '
                'forced the company to take its systems offline, severing '
                'connections with pharmacies, hospitals, and insurers '
                'nationwide. The attack exposed 6 terabytes of sensitive data, '
                'including patient records, insurance details, and billing '
                'information.',
 'impact': {'brand_reputation_impact': 'Severe',
            'data_compromised': '6 terabytes of sensitive data',
            'identity_theft_risk': 'High',
            'operational_impact': 'Delays in prescriptions, claims processing, '
                                  'and patient care; system outages',
            'payment_information_risk': 'High',
            'systems_affected': 'Pharmacy processing, claims processing, '
                                'medical services'},
 'investigation_status': 'Ongoing',
 'motivation': 'Financial gain',
 'ransomware': {'data_encryption': 'Yes',
                'data_exfiltration': 'Yes',
                'ransom_paid': '$22 million (reported)',
                'ransomware_strain': 'BlackCat (ALPHV)'},
 'references': [{'source': 'Cybersecurity news reports'}],
 'regulatory_compliance': {'regulatory_notifications': 'U.S. Department of '
                                                       'Health and Human '
                                                       'Services (HHS), '
                                                       'Cybersecurity and '
                                                       'Infrastructure '
                                                       'Security Agency '
                                                       '(CISA)'},
 'response': {'containment_measures': 'Systems taken offline, connections '
                                      'severed',
              'law_enforcement_notified': 'U.S. Department of Health and Human '
                                          'Services (HHS), Cybersecurity and '
                                          'Infrastructure Security Agency '
                                          '(CISA)',
              'recovery_measures': 'Ongoing'},
 'threat_actor': 'BlackCat (ALPHV)',
 'title': 'Ransomware Attack on Change Healthcare Disrupts U.S. Healthcare '
          'System',
 'type': 'Ransomware'}