
UnitedHealth has confirmed a massive cyberattack that exposed personal and health information for 190 million Americans. This is almost double the number initially reported: in October 2024, UnitedHealth reported a data breach affecting 100 million people, including an attack on its subsidiary Change Healthcare.
However, in January 2025, this figure was increased to 190 million people. The attackers gained access to personal and health information, including insurance data, medical records, payment information, addresses, phone numbers and Social Security numbers. The hackers exploited a vulnerability in Citrix’s remote access system, where multi-factor authentication was not enabled. After penetrating the network, the attackers stole 6 TB of data, encrypted computers and paralyzed the company’s IT systems. UnitedHealth paid a $22 million ransom to unlock the data, but the stolen data was leaked online and the attackers demanded additional payments.
The attack was the largest data breach in the history of the U.S. healthcare sector, causing over $872 million in losses in the first few months alone. Change Healthcare, a UnitedHealth subsidiary, was hit by the BlackCat ransomware virus (ALPHV) in February 2024. The damage was not only to patients, but also to the entire U.S. healthcare infrastructure, preventing doctors and pharmacies from filing claims and filling prescriptions. UnitedHealth later reported that the attack had cost it $2.45 billion as of September 2024.
The scale of the UnitedHealth data breach underscores the importance of cybersecurity, especially in the healthcare industry. Multi-factor authentication and strengthened security protocols can prevent the devastating effects of such attacks.