UnitedHealth (UNH, Financial) has experienced a significant data breach involving the personal information of 100 million people, marking one of the largest healthcare data breaches in U.S. history. The breach, which occurred in February, highlighted vulnerabilities within the healthcare sector, as hackers reportedly accessed data of about one-third of the U.S. population. The company began notifying the affected individuals in June.
The breach details were included in the data breach list maintained by the U.S. Department of Health and Human Services' Office for Civil Rights. UnitedHealth continues to investigate the breach and is committed to notifying all potentially impacted individuals promptly.
This cyberattack was initiated by the hacking group known as ALPHV or "BlackCat." UnitedHealth initially reported the compromise on February 21, which disrupted claims processing and affected patients and healthcare providers nationwide. The company disclosed that the breach may have exposed private data, including insurance IDs, diagnoses, treatment information, Social Security numbers, and billing codes used by providers.
In June, UnitedHealth issued a statement warning that approximately one-third of private data in the U.S. might have been compromised. Earlier predictions by the company indicated that the operational disruptions caused by the breach could cost up to $705 million. The hack resulted in widespread payment and business interruptions across the country, prompting UnitedHealth to offer billions of dollars in loans to affected providers and to absorb the costs associated with notifying customers about the data breach.
