dChan
Anonymous ID: 2ab8f4 Jan. 24, 2025, 9:20 p.m. No.22430452   🗄️.is 🔗kun   >>0472 >>0505 >>0573 >>0602

https://techcrunch.com/2025/01/24/unitedhealth-confirms-190-million-americans-affected-by-change-healthcare-data-breach/

 

UnitedHealth confirms 190 million Americans affected by Change Healthcare data breach

 

UnitedHealth has confirmed the ransomware attack on its Change Healthcare unit last February affected around 190 million people in America — nearly double previous estimates.

 

The U.S. health insurance giant confirmed the latest number to TechCrunch on Friday after the markets closed.

 

“Change Healthcare has determined the estimated total number of individuals impacted by the Change Healthcare cyberattack is approximately 190 million,” said Tyler Mason, a spokesperson for UnitedHealth Group in an email to TechCrunch. “The vast majority of those people have already been provided individual or substitute notice. The final number will be confirmed and filed with the Office for Civil Rights at a later date.”

 

UnitedHealth’s spokesperson said the company was “not aware of any misuse of individuals’ information as a result of this incident and has not seen electronic medical record databases appear in the data during the analysis.”

 

The February 2024 cyberattack is the largest breach of medical data in U.S. history and caused months of outages across the U.S. healthcare system. Change Healthcare, a health tech giant and UnitedHealth subsidiary, is one of the largest handlers of health, medical data, and patient records; it’s also one of the biggest processors of healthcare claims in the United States.

 

The data breach resulted in the theft of massive quantities of health and insurance-related information, some of which was published online by the hackers who claimed responsibility for the breach. Change Healthcare subsequently paid at least two ransoms to prevent further publication of the stolen files.

 

UnitedHealth previously put the number of affected individuals at around 100 million people when the company filed its preliminary analysis with the Office for Civil Rights, the unit under the U.S. Department of Health and Human Services that investigates data breaches.

 

In its data breach notice, Change Healthcare said that the cybercriminals stole names and addresses, dates of birth, phone numbers, email addresses, and government identity documents, which included Social Security numbers, driver’s license numbers, and passport numbers. The stolen health data also includes diagnoses, medications, test results, imaging, and care and treatment plans, as well as health insurance information. Change said the data also includes financial and banking information found in patient claims.

 

The breach was attributed to the ALPHV ransomware gang, a prolific Russian language cybercrime group. According to testimony by UnitedHealth Group’s CEO Andrew Witty to lawmakers last year, the hackers broke into Change’s systems using a stolen account credential, which was not protected with multi-factor authentication.

Anonymous ID: 2ab8f4 Jan. 24, 2025, 9:33 p.m. No.22430516   🗄️.is 🔗kun   >>0521 >>0529

>>22430505

you have to know though that most "authenticators" are just calculating a PIN based on a secret number.

 

Using a shitphone for that is retarded, because shitphones are insecure and this secret number is stored in the same location, which means a hacker can get this secret number, create PINs and the owner has no clue about any of it.

 

It's not about MFA. It's about MFA via proper ways aka HARDWARE TOKENS, which are not hackable, because they have no network access. It's a small device with a display. You push the button, you get the PIN. If anyone wants that PIN, they have to steal your DEVICE.

 

With a shitphone that is not the case.