Technology
Change Healthcare ransomware attack exposes personal health information of over 100 million
Over the past few months, we’ve seen a wave of data breaches affecting millions of people, from health care giants to government contractors and more. This latest incident is yet another in a long line of alarming breaches. Change Healthcare experienced a major data breach in February this year, causing widespread disruption across the U.S. health care sector. At the time, the company did not specify how many people were affected by the breach but hinted that it might impact well more than one-third of the U.S. population, marking one of the largest known digital thefts of medical records to date.
The owner of Change Healthcare, UnitedHealth Group (UHG), has now confirmed for the first time that more than 100 million people had their personal information and health care data stolen in what was a ransomware attack.
GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE
UnitedHealth Group confirmed for the first time that more than 100 million people had their personal information and health care data stolen. (Kurt “CyberGuy” Knutsson)
Timeline of the Change Healthcare cyberattack
The Change Healthcare cyberattack happened in February, with news going public on Feb. 21. To contain the breach, the company took its systems offline, which led to immediate disruptions across the U.S. health care sector that relies on Change’s services for claims processing, payments and data sharing. UHG CEO Andrew Witty told Congress in May that “maybe a third” of Americans’ health data was exposed in the attack.
A month later, Change Healthcare sent out a data breach notice confirming that the February ransomware attack exposed a “substantial quantity of data” affecting many Americans. UnitedHealth Group started notifying impacted individuals in late July, with notifications continuing through October, and the final tally of those affected was released this month.
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) data breach portal updated the total number of impacted people to 100 million: “On October 22, 2024, Change Healthcare notified OCR that approximately 100 million individual notices have been sent regarding this breach,” reads an updated FAQ on the OCR website.
The February ransomware attack exposed a “substantial quantity of data” affecting many Americans. (Kurt “CyberGuy” Knutsson)
THE HIDDEN COSTS OF FREE APPS: YOUR PERSONAL INFORMATION
What data got stolen?
There’s roughly a 30% chance your personal data was compromised in this breach. Change Healthcare is one of the largest handlers of health, medical data and patient records, and in 2022 it merged with U.S. health care provider Optum as part of a deal with UHG, bringing the two giants together under UHG’s umbrella.
This merger gave Optum – already managing physician groups and providing tech and data to insurers and health care services – broader access to the patient records handled by Change. Overall, UHG offers benefit plans to more than 53 million customers in the U.S. and another 5 million globally, while Optum serves about 103 million U.S. customers.
The stolen data varies by individual but includes personal information such as names, addresses, dates of birth, phone numbers, email addresses and government ID numbers, including Social Security, driver’s license and passport numbers. On top of that, hackers may also have accessed health data, including diagnoses, medications, test results, imaging, care and treatment plans and health insurance information. Financial and banking details found in claims and payment data are also reportedly compromised.
Change Healthcare is one of the largest handlers of health, medical data and patient records. (Kurt “CyberGuy” Knutsson)
FROM TIKTOK TO TROUBLE: HOW YOUR ONLINE DATA CAN BE WEAPONIZED AGAINST YOU
What caused the data breach?
The Change Healthcare data breach was caused by a ransomware attack, a type of malware attack that blocks access to the victim’s personal data unless a “ransom” is paid. UHG said ALPHV/BlackCat was behind the attack, a Russian-speaking ransomware and extortion gang that later took credit for the cyberattack.
However, the attack was made possible because Change Healthcare wasn’t smart enough to protect its customers’ data with multifactor authentication. The company admitted this during a House hearing into the cyberattack in April. This raises an important question: how could a company that has billions of dollars in revenue and stores data for over 100 million Americans fail at basic cybersecurity?
UHG paid a ransom to get a decryptor and for the hackers to delete the stolen data. The ransom was said to be around $22 million and was supposed to be split between the affiliate and the ransomware operation. However, BlackCat kept it all for themselves and pulled an exit scam.
This complicated things for UHG because the affiliate claimed they still had the company’s data. They later joined forces with a new group called RansomHub, leaking some of the stolen data and extorting a second ransom from UHG.
6 ways to protect yourself from Change Healthcare data breach
1) Remove your personal information from the internet: While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. Check out my top picks for data removal services here.
2) Be wary of mailbox communications: Bad actors may also try to scam you through snail mail. The data leak gives them access to your address. They may impersonate people or brands you know and use themes that require urgent attention, such as missed deliveries, account suspensions and security alerts.
3) Be cautious of phishing attempts: Be vigilant about emails, phone calls or messages from unknown sources asking for personal information. Avoid clicking on suspicious links or providing sensitive details unless you can verify the legitimacy of the request. The best way to protect yourself from clicking malicious links that install malware is to have strong antivirus protection installed on all your devices. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.
4) Monitor your accounts: Breaches of this magnitude will make it a necessity for you to start routinely reviewing your bank accounts, credit card statements and other financial accounts for any unauthorized activity. If you notice any suspicious transactions, report them immediately to your bank or credit card company.
5) Recognizing and reporting a Social Security scam: If there is a problem with a person’s Social Security number or record, Social Security will typically mail a letter. You can learn more about recognizing Social Security-related scams, including how to report a scam quickly and easily online to Social Security’s Office of the Inspector General, by reading more at www.ssa.gov/scams.
6) Invest in identity theft protection: Data breaches happen every day and most never make the headlines, but with an identity theft protection service, you’ll be notified if and when you are affected. Identity theft companies can monitor personal information like your Social Security number, phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.
One of the best parts of using some services is that they might include identity theft insurance of up to $1 million to cover losses and legal fees and a white-glove fraud resolution team where a U.S.-based case manager helps you recover any losses. See my tips and best picks on how to protect yourself from identity theft.
Kurt’s key takeaway
In just 2024, with over two months still to go, we’ve witnessed countless data breaches affecting millions of Americans. This highlights how valuable your data is and how little some companies are doing to protect it. Big firms with massive revenues are struggling to implement even the most basic cybersecurity measures, practically inviting cybercriminals to hack their systems. Change Healthcare fell into this trap by not implementing two-factor authentication, leaving everything from your financial details to health data in the hands of criminals.
Do you think these companies are doing enough to protect your data and is the government doing enough to catch those behind cyberattacks? Let us know by writing us at Cyberguy.com/Contact.
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
Ask Kurt a question or let us know what stories you’d like us to cover.
Follow Kurt on his social channels:
Answers to the most asked CyberGuy questions:
New from Kurt: Copyright 2024 CyberGuy.com. All rights reserved.
OpenAI announced yet another reorganization Friday, consolidating certain areas and making company president Greg Brockman the official lead of all things product.
In a memo viewed by The Verge, Brockman wrote that since OpenAI’s product strategy for this year is to go all-in on AI agents, the company is combining its products to “invest in a single agentic platform and to merge ChatGPT and Codex into one unified agentic experience for all.”
To do this, the company is making a suite of org chart changes, although it’s still operating under some of the same ones from last month. That’s when AGI boss Fidji Simo went on medical leave and OpenAI announced that Brockman would be in charge of product strategy and CSO Jason Kwon, CFO Sarah Friar, and CRO Denise Dresser would take control of business operations.
It’s all part of OpenAI’s recent strategic shift to focus on key revenue drivers like coding and enterprise and stop pouring resources into “side quests” ahead of its potential IPO later this year and amid investor pressure to turn a profit.
In Simo’s continued absence, Brockman’s role leading product strategy is now official, as well as the company’s “scaling” arm. Under Brockman will be four different pillars. The first is core product and platform, led by Thibault Sottiaux, who has been OpenAI’s engineering lead for Codex, and the second is critical enterprise industries, led by ChatGPT head Nick Turley. Third is the consumer pillar, such as health, commerce, and personal finance, which will be led by Ashley Alexander, who has been its healthcare products VP. The fourth pillar — core infrastructure, ads, data science, and growth — will be led by Vijaye Raji, who has been OpenAI’s CTO of applications.
Brockman wrote in the memo that OpenAI’s goal is now to “bring agents to ChatGPT scale, in order to give individuals and organizations significantly more value and utility from our products.”
NEWYou can now listen to Fox News articles!
You’re going about your day when your phone buzzes. A text hits your phone. It looks official. It sounds urgent. And suddenly, you are being told you owe money for a traffic violation. That is exactly what Todd from Texas experienced. He emailed us and said:
“I received this text message today. It was so baffling because I haven’t lived in California for nearly a decade. I didn’t click on anything or respond. How can I tell if this is for real or if this is a scam?”
If you’ve gotten a message like this, you are not alone. This type of scam is spreading fast, and it is designed to pressure you into acting before you think. Let’s break down what is really going on.
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
FAKE AGENT PHONE SCAMS ARE SPREADING FAST ACROSS THE US
This message may look official, but several red flags show it is likely a scam designed to pressure you into paying quickly. (Kurt “CyberGuy” Knutsson)
What the traffic ticket scam text looks like
At first, the message seems convincing. It claims to be a “final reminder” from the California DMV, and it warns of penalties like license suspension and added fees. It even includes a link that appears somewhat official. However, once you slow down and take a closer look, the red flags quickly start to pile up.
The biggest red flags in this message
Here are the key warning signs to watch for in messages like this.
9 WAYS SCAMMERS CAN USE YOUR PHONE NUMBER TO TRY TO TRICK YOU
1) The phone number makes no sense
The message comes from a number with a +63 country code. That is the Philippines, not California. Government agencies in the U.S. do not send official legal notices from international numbers. That alone is a major warning sign.
2) No name, just “Dear Driver”
Legitimate notices from a DMV or court almost always include your full name or at least some identifying information. “Dear Driver” is vague on purpose. It allows scammers to send the same message to thousands of people.
3) The link isn’t a real DMV website
The message includes this link:
ca.mnvtl.life/dmv
That isn’t a government domain. Official DMV websites in California use “.ca.gov” or similar trusted domains. Scammers often create lookalike links to trick you into clicking.
4) Urgency and threats
The message pushes you to act quickly with a deadline. It lists consequences like license suspension and extra charges. Scammers rely on fear. When you feel rushed, you are more likely to click without thinking.
FBI WARNS OF DANGEROUS NEW ‘SMISHING’ SCAM TARGETING YOUR PHONE
5) Asking you to reply to proceed
The text says to reply with “Y” to get instructions. That is another trap. Responding confirms your number is active, which can lead to more scam messages.
6) Generic language and odd phrasing
Parts of the message feel slightly off. The tone is formal but not quite right. That subtle awkwardness is common in scam messages sent to large groups of people.
7) Overloaded threats designed to scare you
The message piles on consequences like license suspension, added fees, court action and even credit damage. In this case, it even mentions a license suspension and a $160 late payment charge. That combination is meant to overwhelm you and push you to act fast. Real agencies usually provide clear, specific notices, not a long list of escalating threats in a single text.
INSIDE A SCAMMER’S DAY AND HOW THEY TARGET YOU
Scam texts like this often arrive out of nowhere and try to create urgency before you have time to question them. (Kurt “CyberGuy” Knutsson)
What this means for you
Even if you have never driven in California, you could still receive this message. Scammers cast a wide net and hope someone takes the bait. If you click the link, you could be taken to a fake payment page. That page may ask for your credit card details, personal information or login credentials. In some cases, it can also install malware on your device or redirect you to credential-stealing pages. This isn’t about a ticket. It is about getting your data. State DMVs typically do not send final legal notices or payment demands by text message.
Why these scams keep working
These messages work because they tap into something most people fear. Legal trouble, fines and losing driving privileges. They also look just real enough to pass a quick glance. That is all scammers need. As more services move online, these scams will continue to evolve.
Unlike typical DMV scams, this message impersonates a court and escalates the threats to make the situation feel more serious (Kurt “CyberGuy” Knutsson)
Ways to stay safe from traffic ticket text scams
Start with a simple rule. Never trust a payment request that shows up out of nowhere. Here are practical steps you can take:
1) Do not click the link
If you are unsure, do not tap anything in the message. That includes links and reply options.
2) Use strong antivirus software
If you accidentally click a link, strong antivirus software can help detect malware and protect your data. Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com
3) Verify directly with the DMV
Go to your state’s official DMV website by typing it yourself into your browser. Do not use the link in the text.
4) Check the sender carefully
Look at the phone number. International numbers or random strings are a clear warning sign.
5) Ignore generic greetings
Real notices will usually include your name or case details. Vague language is a red flag.
6) Consider a data removal service
Scammers often get your number from data broker sites. Removing your personal info from those databases with a data removal service can reduce these messages. Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com
7) Block and report the number
On your phone, block the sender and report it as spam. This helps reduce future attempts.
8) Turn on spam filtering
Enable spam filtering on your phone or through your carrier to catch more of these messages before they reach you.
Kurt’s key takeaways
Todd did the right thing. He paused, questioned the message and did not click. That one decision likely saved him from handing over personal information. When it comes to messages like this, skepticism is your best defense. If something feels off, trust that instinct.
Should phone carriers and tech companies be doing more to block scams like this before you ever see them? Let us know by writing to us at Cyberguy.com
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
Copyright 2026 CyberGuy.com. All rights reserved.
Honda revealed prototypes of two new hybrid models, an Accord sedan and the Acura RDX SUV, during its annual business briefing this week, built on a platform that it says will begin launching next year. The RDX was announced earlier this year as Honda’s first SUV to feature the next-gen version of its two-motor hybrid system.
In March, Honda announced it would take a writedown of up to 2.5 trillion yen ($15.7 billion) on its EV investments. Now Honda says its EV-related losses will be “resolved” by 2029, and that it will reevaluate its EV plans in 2030.
-
News29 minutes agoSupreme Court is death knell for Virginia’s Democratic-friendly congressional maps
-
New York2 hours agoKataib Hezbollah Commander Accused of Planning Attacks on N.Y.C.
-
Los Angeles, Ca2 hours agoRip tides, high surf forecast for Los Angeles beaches this weekend
-
Detroit, MI2 hours agoWhat time is Pistons Game 7 vs Cavs? Date, tickets in Detroit
-
San Francisco, CA3 hours agoSan Francisco prepares for Bay to Breakers run
-
Dallas, TX3 hours agoSouthwest lays off about 75 employees in latest restructuring move
-
Miami, FL3 hours agoMark Matthews Announces Commitment – Chooses Between Georgia, Miami, and Others
-
Boston, MA3 hours agoAliyah Boston Leaves Fever Game With Lower Leg Injury