Technology
Change Healthcare ransomware attack exposes personal health information of over 100 million
Over the past few months, we’ve seen a wave of data breaches affecting millions of people, from health care giants to government contractors and more. This latest incident is yet another in a long line of alarming breaches. Change Healthcare experienced a major data breach in February this year, causing widespread disruption across the U.S. health care sector. At the time, the company did not specify how many people were affected by the breach but hinted that it might impact well more than one-third of the U.S. population, marking one of the largest known digital thefts of medical records to date.
The owner of Change Healthcare, UnitedHealth Group (UHG), has now confirmed for the first time that more than 100 million people had their personal information and health care data stolen in what was a ransomware attack.
GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE
UnitedHealth Group confirmed for the first time that more than 100 million people had their personal information and health care data stolen. (Kurt “CyberGuy” Knutsson)
Timeline of the Change Healthcare cyberattack
The Change Healthcare cyberattack happened in February, with news going public on Feb. 21. To contain the breach, the company took its systems offline, which led to immediate disruptions across the U.S. health care sector that relies on Change’s services for claims processing, payments and data sharing. UHG CEO Andrew Witty told Congress in May that “maybe a third” of Americans’ health data was exposed in the attack.
A month later, Change Healthcare sent out a data breach notice confirming that the February ransomware attack exposed a “substantial quantity of data” affecting many Americans. UnitedHealth Group started notifying impacted individuals in late July, with notifications continuing through October, and the final tally of those affected was released this month.
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) data breach portal updated the total number of impacted people to 100 million: “On October 22, 2024, Change Healthcare notified OCR that approximately 100 million individual notices have been sent regarding this breach,” reads an updated FAQ on the OCR website.
The February ransomware attack exposed a “substantial quantity of data” affecting many Americans. (Kurt “CyberGuy” Knutsson)
THE HIDDEN COSTS OF FREE APPS: YOUR PERSONAL INFORMATION
What data got stolen?
There’s roughly a 30% chance your personal data was compromised in this breach. Change Healthcare is one of the largest handlers of health, medical data and patient records, and in 2022 it merged with U.S. health care provider Optum as part of a deal with UHG, bringing the two giants together under UHG’s umbrella.
This merger gave Optum – already managing physician groups and providing tech and data to insurers and health care services – broader access to the patient records handled by Change. Overall, UHG offers benefit plans to more than 53 million customers in the U.S. and another 5 million globally, while Optum serves about 103 million U.S. customers.
The stolen data varies by individual but includes personal information such as names, addresses, dates of birth, phone numbers, email addresses and government ID numbers, including Social Security, driver’s license and passport numbers. On top of that, hackers may also have accessed health data, including diagnoses, medications, test results, imaging, care and treatment plans and health insurance information. Financial and banking details found in claims and payment data are also reportedly compromised.
Change Healthcare is one of the largest handlers of health, medical data and patient records. (Kurt “CyberGuy” Knutsson)
FROM TIKTOK TO TROUBLE: HOW YOUR ONLINE DATA CAN BE WEAPONIZED AGAINST YOU
What caused the data breach?
The Change Healthcare data breach was caused by a ransomware attack, a type of malware attack that blocks access to the victim’s personal data unless a “ransom” is paid. UHG said ALPHV/BlackCat was behind the attack, a Russian-speaking ransomware and extortion gang that later took credit for the cyberattack.
However, the attack was made possible because Change Healthcare wasn’t smart enough to protect its customers’ data with multifactor authentication. The company admitted this during a House hearing into the cyberattack in April. This raises an important question: how could a company that has billions of dollars in revenue and stores data for over 100 million Americans fail at basic cybersecurity?
UHG paid a ransom to get a decryptor and for the hackers to delete the stolen data. The ransom was said to be around $22 million and was supposed to be split between the affiliate and the ransomware operation. However, BlackCat kept it all for themselves and pulled an exit scam.
This complicated things for UHG because the affiliate claimed they still had the company’s data. They later joined forces with a new group called RansomHub, leaking some of the stolen data and extorting a second ransom from UHG.
6 ways to protect yourself from Change Healthcare data breach
1) Remove your personal information from the internet: While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. Check out my top picks for data removal services here.
2) Be wary of mailbox communications: Bad actors may also try to scam you through snail mail. The data leak gives them access to your address. They may impersonate people or brands you know and use themes that require urgent attention, such as missed deliveries, account suspensions and security alerts.
3) Be cautious of phishing attempts: Be vigilant about emails, phone calls or messages from unknown sources asking for personal information. Avoid clicking on suspicious links or providing sensitive details unless you can verify the legitimacy of the request. The best way to protect yourself from clicking malicious links that install malware is to have strong antivirus protection installed on all your devices. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.
4) Monitor your accounts: Breaches of this magnitude will make it a necessity for you to start routinely reviewing your bank accounts, credit card statements and other financial accounts for any unauthorized activity. If you notice any suspicious transactions, report them immediately to your bank or credit card company.
5) Recognizing and reporting a Social Security scam: If there is a problem with a person’s Social Security number or record, Social Security will typically mail a letter. You can learn more about recognizing Social Security-related scams, including how to report a scam quickly and easily online to Social Security’s Office of the Inspector General, by reading more at www.ssa.gov/scams.
6) Invest in identity theft protection: Data breaches happen every day and most never make the headlines, but with an identity theft protection service, you’ll be notified if and when you are affected. Identity theft companies can monitor personal information like your Social Security number, phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.
One of the best parts of using some services is that they might include identity theft insurance of up to $1 million to cover losses and legal fees and a white-glove fraud resolution team where a U.S.-based case manager helps you recover any losses. See my tips and best picks on how to protect yourself from identity theft.
Kurt’s key takeaway
In just 2024, with over two months still to go, we’ve witnessed countless data breaches affecting millions of Americans. This highlights how valuable your data is and how little some companies are doing to protect it. Big firms with massive revenues are struggling to implement even the most basic cybersecurity measures, practically inviting cybercriminals to hack their systems. Change Healthcare fell into this trap by not implementing two-factor authentication, leaving everything from your financial details to health data in the hands of criminals.
Do you think these companies are doing enough to protect your data and is the government doing enough to catch those behind cyberattacks? Let us know by writing us at Cyberguy.com/Contact.
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
Ask Kurt a question or let us know what stories you’d like us to cover.
Follow Kurt on his social channels:
Answers to the most asked CyberGuy questions:
New from Kurt: Copyright 2024 CyberGuy.com. All rights reserved.
Bad news: most Americans are about to lose an hour of sleep next week. Good news: if you have trouble falling (or staying asleep), Newegg is currently selling Anker’s Soundcore Sleep A20 earbuds for $113.99 ($66 off) when you use coupon code MMSF88 at checkout, which drops them to just $6 shy of their lowest price to date.
A couple of us here at The Verge are fans of Anker’s last-gen sleep buds, which do a good job of muffling disruptive noises (including snoring). They’re lightweight and comfortable enough to wear overnight, even while sleeping on your side, with multiple ear tips and wings for a personalized fit. In fact, in his review, my colleague Thomas Ricker said that they improved his average sleep time by nearly 30 minutes within a two-week period.
What’s even more convenient is that they offer a variety of sleep-focused features to help you rest better. For example, you can use them to play a range of relaxing sounds, from meditation exercises and nature clips to white noise. You can use them as a regular pair of Bluetooth earbuds, too, just in case you prefer to listen to audiobooks or your own curated sleep playlist. They even come with adjustable EQ as well, though we wouldn’t recommend using them as your primary earbuds for music, given that they can’t match the audio quality you’d get from a pair of midrange earbuds from Apple, Sony, or Bose.
In addition, the Sleep A20 offer up to 14 hours of battery life and sleep tracking, providing insights into how long and how well you’ve slept via a companion app that also details your sleep positions and movements. The newer Soundcore Sleep A30 feature active noise cancellation, which is more effective at masking sounds than the A20’s passive isolation, but Anker’s last-gen earbuds remain a decent, budget-friendly option that can help you comfortably tune out most nighttime distractions for nearly half the price.
Cyber expert shares tips to avoid AI phishing scams
Kurt ‘The CyberGuy’ Knutsson shares practical ways to avoid falling victim to AI-generated phishing scams and discusses a report that North Korean agents are posing as I.T. workers to funnel money into the country’s nuclear program.
NEWYou can now listen to Fox News articles!
If you have applied for a loan online, you probably shared more than you realized. Your name. Your email. Your date of birth. Maybe even your home address and phone number. Now imagine all of that sitting on a dark web forum.
That is the reality for nearly 1 million people after hackers breached Figure Technology Solutions, a blockchain-focused fintech lender.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.
What happened in the Figure data breach
Figure Technology Solutions, founded in 2018, uses the Provenance blockchain for lending, borrowing and securities trading. The company says it has unlocked more than $22 billion in home equity through partnerships with banks, credit unions, fintechs and home improvement companies. However, behind the scenes, attackers were working on a very different angle.
GOOGLE DROPPED DARK WEB MONITORING: SHOULD YOU CARE?
Nearly 1 million accounts were exposed after hackers breached fintech lender Figure Technology Solutions in a social engineering attack. (Felix Zahn/Photothek via Getty Images)
According to breach notification data shared by Have I Been Pwned, information from 967,200 accounts was exposed. The leaked data included more than 900,000 unique email addresses along with names, phone numbers, physical addresses and dates of birth. That is a gold mine for identity thieves. Figure says the incident stemmed from a social engineering attack. What that means in simple terms is that someone inside the company was tricked into handing over access.
“We recently identified that an employee was socially engineered, and that allowed an actor to download a limited number of files through their account,” a Figure Technology Solutions spokesperson told CyberGuy in a statement. “We acted quickly to block the activity and retained a forensic firm to investigate what files were affected. We understand the importance of these matters and are communicating with partners and those impacted as appropriate. We are also implementing additional safeguards and training to further strengthen our defenses. We are offering complimentary credit monitoring to all individuals who receive a notice. We continuously monitor accounts and have strong safeguards in place to protect customers’ funds and accounts.”
Social engineering is the real weapon
When people hear the word blockchain, they think secure and untouchable. But attackers did not break cryptography. They targeted a human being. Groups like ShinyHunters specialize in this playbook. They reportedly claimed responsibility for the breach and, according to BleepingComputer, posted 2.5GB of data allegedly tied to thousands of loan applicants.
In recent weeks, the same group has claimed breaches involving companies like Canada Goose, Panera Bread and SoundCloud. Not every case is connected. Still, security researchers have observed a troubling pattern. Attackers impersonate IT support. They call employees. They create urgency. Then they direct victims to fake login portals that look nearly identical to real ones.
Once employees enter credentials and even multi-factor authentication codes, attackers gain access to single sign-on systems tied to major platforms like Microsoft and Google. From there, one compromised account can unlock a web of connected tools and internal systems.
PANERA BREAD DATA BREACH EXPOSES 5.1M CUSTOMERS
Security researchers say the Figure data leak underscores how social engineering bypasses even blockchain-based platforms. (Maxim Konankov/NurPhoto via Getty Images)
Why this matters to you
If your information was part of the Figure data breach, criminals now have enough detail to craft convincing phishing emails or phone scams. They can reference your real name. They can cite your address. They can pretend to be a lender or bank calling about your application.
Even if you never applied for a loan with Figure, this incident highlights something bigger. No platform is immune to human error. And social engineering works because it targets trust, not technology.
The bigger lesson about blockchain and trust
Figure markets itself as blockchain native. Blockchain can provide transparency and strong cryptographic security. However, none of that protects against a well-crafted phone call.
Security failures often happen at the human layer. That is where attackers focus their energy. As more financial services move online, the attack surface grows. Loan applications, identity verification tools and cloud-based systems create convenience. They also create new targets.
How to protect yourself after the Figure data breach
You cannot control how companies secure their systems. You can control how you respond. Start by checking whether your email address appears in the exposed dataset, then take the steps below to lock down your accounts.
SUBSTACK DATA BREACH EXPOSES EMAILS AND PHONE NUMBERS
Figure says an employee was tricked into granting access, allowing attackers to download sensitive customer data. (Luke MacGregor/Bloomberg via Getty Images)
Check if your email was exposed
To see if your email address was affected, visit https://haveibeenpwned.com/. Enter your email address to find out whether your information appears in the leak. When finished, return here and begin Step 1 below.
Take these steps immediately
- Change any exposed passwords right away. Do not leave a known leaked password in place. Update it everywhere you used it. Use a password manager to create strong, unique passwords for every account. Check out the best expert-reviewed password managers of 2026 at Cyberguy.com
- Turn on multi-factor authentication wherever possible.
- Never share login codes with anyone, even if they claim to be IT support.
- Install strong antivirus software to help block phishing links, malicious downloads and ransomware that often follow major breaches. Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.
- Consider a data removal service to reduce your personal information on data broker sites, which scammers often combine with breached data. Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.
- Place a free fraud alert or credit freeze with the major credit bureaus.
- Monitor your bank and credit card statements weekly for suspicious activity.
Also, be cautious of unexpected calls about your accounts. If someone pressures you to act immediately, hang up and call the company directly using a number from its official website.
Kurt’s key takeaways
The Figure data breach is a reminder that technology alone cannot protect sensitive information. A single employee tricked into revealing credentials can expose hundreds of thousands of people. That is not a blockchain failure. It is a trust failure. If your data was involved, take action now. Even if it was not, treat this as a wake-up call. Your personal information has value. Criminals know it. Companies should know it too.
If one phone call can unlock nearly a million records, are companies investing enough in training people, or are they still betting everything on technology alone? Let us know by writing to us at Cyberguy.com
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.
Copyright 2026 CyberGuy.com. All rights reserved.
Related Article
During Apple’s week-long product launch event on Tuesday, a listing for the “MacBook Neo (Model A3404)” appeared on a regulatory compliance page on Apple’s website under its line-up of 2026 MacBooks. First spotted by MacRumors, the listing appears to be an accident and has since been removed, but may have been a leaked reference to a rumored entry-level MacBook. Unfortunately, it didn’t include any additional details beyond the device’s name and model number.
The lower price and an “entirely new design” could help the new MacBook appeal to students and casual users, competing with Chromebooks and low-cost Windows laptops. A more affordable MacBook could be especially appealing after Apple announced the M5 MacBook Air on Tuesday, which has a higher starting price than last year’s Air.
Detroit Pistons’ loss to Cavs shows weaknesses before playoffs
Floats for San Francisco Chinese New Year Parade get finishing touches
Hip-hop hitmaker Cardi B coming to AAC in Dallas
Shooting in northwest Miami-Dade leaves man in critical condition, sheriff’s office says
Charlotte plays Boston on 5-game win streak
Florida High School Football Rankings: Top 25 teams – Oct. 21
Cleary's 21 help Le Moyne down Central Connecticut State 69-64 in OT
How old is Bo Nix? What to know about Oregon quarterback ahead of 2024 NFL Draft
99th annual Pony Swim held in Virginia
Indiana Members Credit Union announced as new anchor tenant at Bottleworks District
Video: Senators Question Kristi Noem on ICE Immigration Tactics
Combustible Republican Senate primary in Texas heading into overtime
Hungarian veto proves EU needs less unanimity, says new Dutch PM
Pregnant migrant girls are being sent to a Texas shelter flagged as medically risky
Fraud-plagued Minnesota sues Trump admin for withholding $243M in Medicaid payments
-
World6 days agoExclusive: DeepSeek withholds latest AI model from US chipmakers including Nvidia, sources say
-
Massachusetts7 days agoMother and daughter injured in Taunton house explosion
-
Denver, CO7 days ago10 acres charred, 5 injured in Thornton grass fire, evacuation orders lifted
-
Louisiana1 week agoWildfire near Gum Swamp Road in Livingston Parish now under control; more than 200 acres burned
-
Oregon5 days ago2026 OSAA Oregon Wrestling State Championship Results And Brackets – FloWrestling
-
Florida3 days agoFlorida man rescued after being stuck in shoulder-deep mud for days
-
Maryland3 days agoAM showers Sunday in Maryland
-
Culture1 week agoTry This Quiz on Thrilling Books That Became Popular Movies