190 million Americans were impacted by the Change Healthcare data hack, according to UnitedHealth.

UnitedHealth: About 190 million Americans were impacted by the ransomware attack on UnitedHealth’s Change Healthcare division in February, which roughly doubled earlier estimates, the company acknowledged.

After the markets closed on Friday, the U.S. health insurance behemoth gave confirmation of the most recent figure.

Tyler Mason: a representative for UnitedHealth Group, stated, “Change Healthcare has determined the estimated total number of individuals impacted by the Change Healthcare cyberattack is approximately 190 million.” Individual or alternative notice has already been given to the great majority of those individuals. Later on, the final figure would be verified and submitted to the Office for Civil Rights.

“We have not observed electronic medical record databases showing up in the data during the analysis, and we are not aware of any misuse of individuals’ information as a result of this incident,” a UnitedHealth spokeswoman stated.

Months of disruptions throughout the U.S. healthcare system were brought on by the February 2024 cyberattack, which is the worst breach of medical data in American history. One of the greatest controllers of health, medical data, and patient records, as well as one of the top processors of healthcare claims in the US, is Change Healthcare, a health IT behemoth and UnitedHealth subsidiary.

Massive amounts of health and insurance-related data were stolen as a result of the data breach, and the hackers who claimed credit for it even posted some of the stolen material online. In order to stop the stolen files from being published further, Change Healthcare later paid at least two ransoms.

When UnitedHealth submitted its early study to the Office for Civil Rights, the U.S. Department of Health and Human Services agency that looks into data breaches, the business estimated that approximately 100 million people were impacted.

According to Change Healthcare’s data breach notice, the hackers took government identity documents, such as passport, driver’s license, and Social Security numbers, dates of birth, phone numbers, email addresses, and names and addresses. Diagnoses, prescription drugs, test findings, imaging, care and treatment plans, and health insurance details are also included in the stolen health data. According to Change, the data also contains banking and financial details from patient claims.

The ALPHV ransomware gang, a well-known Russian-language criminal organization, was blamed for the intrusion. Last year, Andrew Witty, the CEO of UnitedHealth Group, testified before legislators that the hackers gained access to Change’s systems by utilizing a stolen account credential that was not secured with multi-factor authentication.