UnitedHealth has confirmed the ransomware assault on its Change Healthcare unit final February affected round 190 million individuals in America — practically double earlier estimates.

The U.S. medical insurance big confirmed the most recent quantity to TechCrunch on Friday after the markets closed.

“Change Healthcare has decided the estimated complete variety of people impacted by the Change Healthcare cyberattack is roughly 190 million,” stated Tyler Mason, a spokesperson for UnitedHealth Group in an electronic mail to TechCrunch. “The overwhelming majority of these individuals have already been offered particular person or substitute discover. The ultimate quantity will probably be confirmed and filed with the Workplace for Civil Rights at a later date.” 

UnitedHealth’s spokesperson stated the corporate was “not conscious of any misuse of people’ info because of this incident and has not seen digital medical file databases seem within the knowledge in the course of the evaluation.” 

The February 2024 cyberattack is the most important breach of medical knowledge in U.S. historical past and brought about months of outages throughout the U.S. healthcare system. Change Healthcare, a well being tech big and UnitedHealth subsidiary, is likely one of the largest handlers of well being, medical knowledge, and affected person information; it’s additionally one of many largest processors of healthcare claims in the US.

The information breach resulted in the theft of massive quantities of health and insurance-related information, a few of which was printed on-line by the hackers who claimed accountability for the breach. Change Healthcare subsequently paid at least two ransoms to prevent further publication of the stolen information.

UnitedHealth beforehand put the number of affected individuals at round 100 million individuals when the corporate filed its preliminary evaluation with the Workplace for Civil Rights, the unit underneath the U.S. Division of Well being and Human Providers that investigates knowledge breaches.

In its knowledge breach discover, Change Healthcare stated that the cybercriminals stole names and addresses, dates of start, telephone numbers, electronic mail addresses, and authorities id paperwork, which included Social Safety numbers, driver’s license numbers, and passport numbers. The stolen well being knowledge additionally contains diagnoses, drugs, take a look at outcomes, imaging, and care and therapy plans, in addition to medical insurance info. Change stated the information additionally contains monetary and banking info present in affected person claims.

The breach was attributed to the ALPHV ransomware gang, a prolific Russian language cybercrime group. Based on testimony by UnitedHealth Group’s CEO Andrew Witty to lawmakers final 12 months, the hackers broke into Change’s programs utilizing a stolen account credential, which was not protected with multi-factor authentication.