Over 190 million hit in UnitedHealth data breach — confirmed largest in history

Although last year’s cyberattack at UnitedHealth was bad enough at 100 million when it was initially reported, the U.S. Health Department’s website now has updated numbers that show the full scope of the data breach was actually worse – 192.7 million people were impacted by the hack.

As reported by Cybernews, a spokesperson for UnitedHealth pointed out that the individual numbers by state will vary; the company estimated in January that the attack had exposed the personal information of 190 million people. The information stolen and exposed in the data breach is said to include a variety of sensitive data: medical information such as diagnoses, test results, treatment information and medical record numbers; health insurance information such as member or group ID numbers; and personal information such as Social Security numbers and driver’s license numbers. Other data that was exposed includes billing information, payment information, claims history and billing codes.

Change Healthcare is UnitedHealth Group’s tech unit, and is a health payment processing company that works with many leading insurance companies such as Aetna, Anthem, Blue Cross Blue Shield and Cigna. In February 2024, the BlackCat ransomware gang infiltrated the company’s system causing havoc in the claims processing and patient care systems across the country.

In a May Congressional hearing, it was noted that the hacker group used stolen employee login credentials to breach the company’s Citrix remote access service – which did not have multi-factor authentication turned on. Although UnitedHealth paid a $22 million ransom for the hackers to delete the stolen data, the data deletion did not occur and after receiving payment, BlackCat pulled an exit scam and shut down their servers.

How to stay safe after a data breach

Since a data breach this large affects such a huge portion of the population, it's worth taking steps to protect yourself. If you've been affected by this, or any other data breach, you should definitely invest in one of the best identity theft protection services. However, in order to get access to the identity theft insurance and the extra support these services provide, you need to sign up before falling victim to a data breach.

One of the best antivirus software solutions will also help protect you and your devices from malware and online threats. It's also important to stay vigilant against phishing and social engineering attacks, and to monitor your accounts for suspicious activity. The best way to stay safe against phishing is to avoid clicking on any links, QR codes or attachments in emails or messages from unknown senders.

In order to protect yourself against most common social engineering attacks, it’s always best to be wary anytime you're approached through social media or by contacts offering opportunities that seem too good to be true. A quality antivirus software will provide different features to keep you safe online including one of the best VPNs with browser-level privacy protection.

Amber Bouman
Senior Editor Security

Amber Bouman is the senior security editor at Tom's Guide where she writes about antivirus software, home security, identity theft and more. She has long had an interest in personal security, both online and off, and also has an appreciation for martial arts and edged weapons. With over two decades of experience working in tech journalism, Amber has written for a number of publications including PC World, Maximum PC, Tech Hive, and Engadget covering everything from smartphones to smart breast pumps. 
