New federal figures confirm the worst-case scenario: 192.7 million people were affected by the UnitedHealth cyberattack. Although first reported at roughly 100 million, the U.S. Health Department’s updated tally shows the breach’s true scope. UnitedHealth earlier estimated around 190 million, noting totals vary by state.
What the updated UnitedHealth breach numbers mean for patients and families today? Change Healthcare, UnitedHealth’s tech unit and a national payment processor for Aetna, Anthem, Blue Cross Blue Shield and Cigna, was infiltrated in February 2024 by the BlackCat ransomware gang, disrupting claims and care across the country. In a May Congressional hearing, officials said attackers used stolen employee credentials to access Citrix remote access that lacked multi-factor authentication.
UnitedHealth paid a $22 million ransom for promised deletion; the data was not erased, and the group later shut down its servers in an exit scam.
Sensitive information exposed includes medical and personal records across multiple categories
According to the disclosures, the stolen data included a wide array of record types. Here’s a quick view of what was exposed:
| Category | Examples |
|---|---|
| Medical information | diagnoses, test results, treatment details, medical record numbers |
| Health insurance data | member or group ID numbers |
| Personal identifiers | Social Security numbers, driver’s license numbers |
| Financial and billing | billing and payment data, claims history, billing codes |
Worried your data could be in the mix?
Steps to reduce identity theft risk after a major breach
So, what should you do now? Take these actions to lower your risk and stay vigilant:
- Enroll in a reputable identity theft protection service before any fraud occurs to access support and insurance.
- Use trusted antivirus software, keep devices updated, and monitor accounts for unusual activity.
- Avoid clicking on links, QR codes, or attachments from unknown senders.
- Be skeptical of social media outreach and offers that seem too good to be true.
- Consider a security suite that includes a VPN for browser-level privacy protection.
With 192.7 million affected, this incident touches a vast share of the country. Therefore, review your statements, watch for notices from UnitedHealth and Change Healthcare, and take the preventive steps above. Totals may differ by state, but the urgency is the same.