If you don’t know yet, on February 21, 2024, a high-stakes hacker game aimed at Change Healthcare, a leading digital health firm, which turned out to be an expansive cyber breach. This was not just another cyber scrape; rather, it was an infiltration by the ALPHV (BlackCat) ransomware syndicate that paved the way to Change Healthcare’s systems while getting hands on more than 100 million sensitive files of individuals which is roughly a third of the U.S. population, you know? This also happened to be the largest healthcare data breach ever to be reported, having wiped out the infamous Anthem breach from 2015 as the top record.
Not just that though, the association between Change Healthcare and UnitedHealth Group, which was completed in 2022, has further heightened the impact. So, let’s just go over this Change Healthcare Breach Lawsuit, and see what is really going on here.
How the Breach Unfolded
Initially, you see, the breach was detected in February 2024 when hackers broke into Change Healthcare’s systems. And sure, in the consecutive weeks, the misappropriated data was thoroughly enquired into, and it became clear that approximately 6 terabytes of confidential data were the basis of the breach, which is not a small thing at all. Like, by March, the number of victims grew to millions. In July, however, the company had already started informing the victims of the breach and the potential misuse of their data.
By September, the accusations increased with more than 50 lawsuits against Change Healthcare. These lawsuits have been later combined and are now being dealt with as one federal case, you know? And sure, investigations by the government are in progress as of now and the news on this breach is just literally everywhere.
The Sensitive Data Exposed
For sure, as far as we know, the leaked data consists of extremely personal information: health insurance details, Social Security numbers, billing records, and medical histories. As such, many of the people who were affected were open to the possibility of exposure to private health information such as medical history, diagnoses, tests, and prescribed drugs. Like, the company, Change Healthcare, which is responsible for a large amount of health data, made many millions wonder whether their personal information would be handled safely and the possibility of fraud would be there.
Not just that though, the monetary cost of the breach is enormous. UnitedHealth Group expects expenses of as much as $2.87 billion by the end of 2024, which will be for covering costs from ransom, investigations, and the implementation of better security, and it all is just adding up.
Costs and Fallout for Change Healthcare and UnitedHealth Group
Looking at whatever is going on these days with data breaches, yes, we can say one thing for sure, the effects of the violation have been hugely devastating for both Change Healthcare and UnitedHealth Group. And just so you know, they calculated the total cost as of October has been $2.87 billion inclusive of a ransom of $22 million being paid to the hackers. Though, whether this payment has helped the leaking of data is not clear. Sure, the data is out there now, but they can certainly put up some preventative measures so that this type of chaos doesn’t happen ever in the future, and sure, it’ll cost a lot.
On the other hand, the breach has taken a toll on medical institutions reliant on Change Healthcare’s payment and claims processing. How? Well, the result was companies being unable to bill on time which had a negative impact on cash flow and daily operations. To overcome the effects of these disruptions, UnitedHealth gave healthcare facilitators $9 billion in loaned money, which in turn, helped stabilize operations that were affected.
