Unitedhealth confirms 190 million Americans affected by the change in data violation of health care

United has confirmed the attack on ransomware against its health unit for change last February affected around 190 million people in America – nearly double preceding estimates.

The American health insurance giant confirmed the latest issue at Techcrunch Friday after the market closes.

“Change Healthcare has determined that the total estimated number of people affected by the health change is around 190 million,” said Tyler Mason, spokesperson for Unitedhealth Group in a Techcrunch email. “The vast majority of these people have already received an individual or substitute opinion. The final number will be confirmed and filed with the civil rights office on a later date. »»

The unitedhealth spokesperson said that the company “was aware of any abusive use of information from individuals following this incident and did not see databases of electronic medical files appear in data during the analysis. ”

The cyber attack in February 2024 is the largest violation of medical data in the history of the United States and has caused months of breakdowns in the American health system. Change Healthcare, a subsidiary of health technology giant and United and United, is one of the largest managers of health files, medical data and patients; It is also one of the largest processors of health care allegations in the United States.

The data violation led to the theft of massive quantities of information on health and insurance, some of which were published online by the pirates who claimed the responsibility of the violation. Changing Healthcare then paid at least two ransom to prevent a new publication of stolen files.

Unitedhealth previously put the number of people affected at around 100 million people when the company filed its preliminary analysis with the civil rights office, the unit of the US Health and Social Services which is investigating the data violations .

In its opinion of data violation, Change Healthcare said that cybercriminals have stolen names and addresses, birth dates, telephone numbers, email addresses and government identity documents, which included numbers social security, driving license numbers and passport numbers. Stolen health data also includes diagnoses, medicines, test results, imagery and care and processing plans, as well as health insurance information. The change has indicated that the data also includes financial and banking information found in patient complaints.

The breach has been attributed to the Ransomware Alphv gang, a group of cybercrime in prolific Russian language. According to the testimony of the CEO of Unitedhealth Group, Andrew Witty, the legislators last year, the pirates burst into exchange systems using a stolen account report, which was not protected by multi- authentication factors.