In February 2024, Change Healthcare, a critical division of UnitedHealth Group, fell victim to a devastating BlackCat/ALPHV ransomware attack. The assault crippled its systems, disrupting prescription processing, medical claims, and payment operations across the U.S. healthcare sector. Over 100 million individuals were impacted due to service outages, with hospitals, pharmacies, and insurers facing delays in billing, reimbursements, and patient care. The company paid a $22 million ransom, but total financial losses ballooned to an estimated $2 billion, factoring in operational downtime, recovery costs, and reputational damage. The attack exposed vulnerabilities in third-party supply chains, as the breach originated from compromised credentials in a connected vendor system. Regulatory scrutiny intensified, with federal investigations probing compliance failures under HIPAA and cybersecurity negligence. The incident underscored the escalating threat of RaaS (Ransomware-as-a-Service) models, where affiliate hackers leverage sophisticated tools to target high-value sectors like healthcare, exploiting systemic interdependencies for maximum disruption.

On April 8, 2024, the Maine Office of the Attorney General reported a data breach involving CVS that occurred on January 1, 2023. The breach was an internal system breach affecting a total of 10 individuals, with consumer notification conducted electronically on January 10, 2023. Identity theft protection services were offered.

Over a billion customer records of Pharmacy giant CVS were leaked on internet in a cyber incident. The exposed data included customer email addresses, device IDs, and the order histories of CVS. Upon learning about the incident CVS Health immediately worked to secure the data and informed the impacted customers to remain alert.