The February hack at UnitedHealth’s (NYSE: UNH) tech unit Change affected the personal information of 100 million people, the U.S. Health Department’s website showed, making it the largest healthcare data breach in the country.
UnitedHealth has previously said that hackers potentially stole a third of Americans’ data in one of the worst hacks to hit the U.S. healthcare sector. The company began notifying affected patients in June.
The number of impacted people was posted on a list of data breaches maintained by the U.S. Department of Health & Human Services’ Office for Civil Rights.
A breach at the health insurer Anthem — now known as Elevance Health (NYSE: ELV) — in 2015 impacted nearly 79 million people in the U.S.
In a statement, UnitedHealth (NYSE: UNH) said that the investigation is still in its final stages and it continues to notify potentially impacted individuals as quickly as possible.
The Change unit was breached by a hacking group called ALPHV, also known as “BlackCat.” UnitedHealth first reported the breach on February 21.
The breach caused widespread disruptions in claims processing, impacting patients and providers worldwide.
In June, UnitedHealth (NYSE: UNH) issued a public notice about the ransomware hack as part of its requirements to notify the estimated one-third of the country whose private data may have been exposed in the attack.
At the time, the company said that while it cannot confirm the nature of data affected by the breach, it could include health insurance member IDs, patient diagnoses, treatment information, and social security numbers, as well as billing codes used by providers.
Earlier this month, the company forecast a business disruption impact of $705 million this year from the hack that caused massive payment and other disruptions across the U.S. UnitedHealth issued billions of dollars in loans to providers affected by the hack and incurred costs related to notifying customers of the breach.
(Source: ReutersReuters)