A startling new update has disclosed that the UnitedHealth data breach from February has impacted more than 100 million Americans, marking it as the most extensive healthcare data breach in U.S. history. The ramifications of this breach extend beyond single patients, impacting whole families and magnifying the scope of this unparalleled cyberattack.
### SEE ALSO:
[23andMe data breach settlement could provide up to $10K to victims](https://mashable.com/article/23andme-data-breach-settlement)
The revised number was announced on October 24 by the U.S. Department of Health and Human Services Office for Civil Rights, which updated its data breach portal to reveal the complete magnitude of the breach. Although the attack took place in February, this is the first formal report outlining the extensive impact.
This breach was carried out by a ransomware group known as ALPHV, which targeted the payment processing system of UnitedHealth’s Change Healthcare division in February 2024. According to a [report from *Forbes*](https://www.forbes.com/sites/larsdaniel/2024/10/28/100-million-americans-medical-records-exposed-in-massive-data-breach/), the incident not only jeopardized sensitive information but also disrupted essential services at hospitals, clinics, and medical offices nationwide, resulting in widespread operational turmoil.
In efforts to recover the compromised data and prevent additional exposure, UnitedHealth allegedly paid the hackers $22 million. However, the hackers did not honor the agreement, retaining both the funds and the stolen data, which continues to be exposed on the dark web, putting millions of Americans at risk.
UnitedHealth provided the following statement to *Forbes* concerning the breach:
> “We are proceeding to notify potentially affected individuals as swiftly as possible, on a rolling basis, considering the volume and complexity of the data involved. The investigation is still nearing completion. Change Healthcare is continually updating the status of the event, and we have also sent substitute notifications through the wire. Most importantly, Change Healthcare is in ongoing communication with the U.S. Department of Health and Human Services, Office for Civil Rights, and other regulators about our notification process. We are dedicated to notifying potentially impacted individuals as rapidly as we can. We urge consumers to contact us with inquiries and to follow the steps outlined below.”
If you suspect that you might have been impacted by this breach, *Forbes* advises monitoring your bank and credit card transactions, requesting a credit freeze, and being vigilant for signs of medical fraud by examining insurance statements for any unfamiliar claims or services.