In February [1] [2] [3] [5], Change Healthcare [1] [2] [3] [4] [5] [6] [7], a major medical claims clearinghouse [2], experienced a cyberattack that impacted a significant portion of the US healthcare system.


UnitedHealth Group [1] [2] [3] [4] [6] [7], the parent company [2] [3], confirmed that a substantial amount of personal information belonging to Americans was exposed in the breach. The hackers, the cybercriminal group known as AlphV or BlackCat [5], demanded a ransom of 350 bitcoins, equivalent to $22 million [5], which UnitedHealth paid to regain access to its systems. While no evidence of exfiltration of full medical histories was found, files containing protected health information (PHI) and personally identifiable information (PII) were compromised [1] [2] [4] [5]. A second ransomware group [5], RansomHub [4] [5], claims to have the stolen data and threatens to sell it on the dark web [5].

Change Healthcare’s payment processing is at 86% of pre-incident levels, with projected long-term losses exceeding a billion dollars. The breach has already cost UnitedHealth Group $872 million this quarter [3], with an estimated total cost of up to $1.6 billion [3]. The group is monitoring the dark web for any leaked data [3], but only 22 screenshots have been found so far [3]. CEO Andrew Witty has committed to providing support to affected consumers and providers [3]. The US government is investigating the breach to determine how much PHI was exposed. Progress has been made in restoring services [7], including pharmacy services and medical claims; approximately 80% of Change Healthcare’s functionality on major platforms has been restored, with full restoration expected soon [7].

The $22 million ransom payment to the hackers has contributed to the growing ransomware ecosystem, with victims paying hackers a record $1.1 billion in 2023 [5]. AlphV’s fake law enforcement takedown after receiving the payment has caused conflict within the ransomware underground [5], as affiliates of the hackers still seek payment, raising concerns about the security of Change Healthcare’s compromised data [5].

The cyberattack has led to direct impacts on patient care and financial losses for hospitals and physician practices [2], with Function Better [2], a physical therapy clinic [2], experiencing severe disruptions and delayed payments for services. UnitedHealth Group is offering support and protections to affected individuals [2], but the attack is expected to have significant financial implications for the company [2], while healthcare providers and patients face ongoing risks and uncertainties [2].

UnitedHealth Group has provided an update on the cyberattack on Change Healthcare [6], revealing the scale of the breach and announcing support for affected individuals [6]. The attack on Change Healthcare [6] [7], which processes about 50% of US medical claims [6], caused widespread disruption in payments to doctors and health facilities [6]. Despite the ongoing investigation [6], UnitedHealth has decided to immediately provide support and is monitoring the web for any published data [6]. The company’s CEO is expected to testify in Congress in May [6], and progress has been made in restoring services impacted by the event [6], prioritizing patient access to care and medication [6]. Affected individuals can visit a dedicated website or call for free credit monitoring and identity theft protection [6].


The cyberattack on Change Healthcare has had significant impacts on patient care, caused financial losses for healthcare providers, and created ongoing risks for affected individuals [6]. Mitigations such as support and monitoring efforts are in place, but the attack is expected to have lasting implications for the company and the healthcare industry as a whole.