UnitedHealth Group A.I CyberSecurity Scoring
UnitedHealth Group
Company Information
Website:https://www.unitedhealthgroup.com/
Employees number:91,204
Number of followers:1,681,191
NAICS:62
Industry Type:Hospitals and Health Care
Homepage:unitedhealthgroup.com
UnitedHealth Group Risk Score (AI oriented)
Between 0 and 549
UnitedHealth GroupHospitals and Health Care
Updated:
10/07/2026
10/07/2026
100/1000
Critical
C
UnitedHealth Group Global Score (TPRM)
xxxx
UnitedHealth GroupHospitals and Health Care
Score locked

UnitedHealth GroupCritical
Current Score
100C (CRITICAL)
01000
25 incidents
-71.5 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
100
JUNE 2026
100
Cyber Attack
02 Jun 2026 • UnitedHealth Group
UnitedHealth Group and Change Healthcare: KVUE
Ransomware Attack on Change Healthcare Disrupts U.S. Healthcare Network
100
CRITICAL0
UNICHA1780411681
Cyberattack Disrupts Major U.S. Healthcare Network, Exposing Patient Data
A ransomware attack on Change Healthcare, a key subsidiary of UnitedHealth Group, has severely disrupted healthcare operations across the U.S., highlighting vulnerabilities in critical medical infrastructure. The incident, first detected on February 21, 2024, forced the company to disconnect systems to contain the breach, leading to widespread delays in prescription processing, insurance claims, and payment systems for pharmacies, hospitals, and clinics.
The attack, attributed to the BlackCat/ALPHV ransomware group, encrypted sensitive data and disrupted services for weeks, with some providers reporting ongoing issues into March. Change Healthcare processes 15 billion healthcare transactions annually, affecting roughly one in three U.S. patient records. While the full scope of compromised data remains unclear, early reports suggest personal and medical information may have been exfiltrated, raising concerns about potential identity theft and fraud.
UnitedHealth Group confirmed the attack originated from a compromised credential, allowing threat actors to bypass security measures. The company has since restored some services, but the incident has drawn scrutiny from lawmakers and regulators, including the HHS Office for Civil Rights, which launched an investigation into potential HIPAA violations. The attack underscores the growing targeting of healthcare providers by cybercriminals, who exploit the sector’s reliance on interconnected systems and high-stakes data.
As recovery efforts continue, the disruption has left patients facing delayed care and financial strain, while healthcare organizations grapple with operational and reputational fallout. The incident serves as a stark reminder of the cascading effects of cyberattacks on critical services.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
MAY 2026
100
Ransomware
07 May 2026 • UnitedHealth Group
UnitedHealth Group and Change Healthcare: MSN
Ransomware Attack on Change Healthcare Disrupts U.S. Healthcare System
100
CRITICAL0
UNICHA1778149488
Cyberattack Disrupts Major U.S. Healthcare Provider, Exposing Patient Data
A ransomware attack on Change Healthcare, a key subsidiary of UnitedHealth Group (UHG), has caused widespread disruptions across the U.S. healthcare system, delaying payments, prescriptions, and critical medical services. The incident, first detected on February 21, 2024, forced the company to take its systems offline, severing connections with pharmacies, hospitals, and insurers nationwide.
The attack has been attributed to the BlackCat (ALPHV) ransomware group, which claimed responsibility and allegedly stole 6 terabytes of sensitive data, including patient records, insurance details, and billing information. While UHG has not confirmed whether a ransom was paid, reports suggest the group received a $22 million payment one of the largest known ransomware payouts to date.
The fallout has been severe: pharmacies reported delays in processing prescriptions, healthcare providers faced interruptions in claims processing, and some patients experienced denied or delayed care due to system outages. The U.S. Department of Health and Human Services (HHS) and the Cybersecurity and Infrastructure Security Agency (CISA) are investigating the breach, which has raised concerns about the vulnerability of healthcare infrastructure to cyber threats.
Change Healthcare processes 15 billion healthcare transactions annually, making this one of the most significant cyber incidents to hit the U.S. medical sector. Recovery efforts are ongoing, but the full extent of the data exposure and long-term operational impact remains unclear. The attack underscores the growing risk of ransomware targeting critical healthcare systems, where disruptions can directly endanger patient safety.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
APRIL 2026
100
Ransomware
14 Apr 2026 • UnitedHealth Group
UnitedHealth Group and Change Healthcare: WUSA9
Cyberattack Disrupts Major U.S. Healthcare Network, Exposing Patient Data
100
CRITICAL0
CHAUNI1776205836
Cyberattack Disrupts Major U.S. Healthcare Network, Exposing Patient Data
A ransomware attack on Change Healthcare, a key subsidiary of UnitedHealth Group (UHG), has caused widespread disruption across the U.S. healthcare system, impacting pharmacies, hospitals, and patients nationwide. The incident, first detected on February 21, 2024, forced the company to take its systems offline, halting critical services such as prescription processing, insurance claims, and payment systems.
The attack has been attributed to the BlackCat/ALPHV ransomware group, which claimed responsibility and later allegedly received a $22 million ransom payment one of the largest known in healthcare. Despite the payment, the group reportedly withheld decryption keys, leaving Change Healthcare to rebuild affected systems independently. The breach exposed sensitive patient data, including medical records, billing information, and personal identifiers, though the full extent of the compromise remains under investigation.
The fallout has been severe: pharmacies faced delays in filling prescriptions, healthcare providers struggled with billing disruptions, and patients encountered difficulties accessing medications. The American Hospital Association (AHA) warned of "catastrophic" financial strain on hospitals, some of which reported cash-flow crises due to unprocessed claims. The U.S. Department of Health and Human Services (HHS) and the Cybersecurity and Infrastructure Security Agency (CISA) are coordinating with law enforcement to assess the breach’s scope and mitigate further risks.
Change Healthcare has since restored many services, but the incident underscores the growing threat of ransomware to critical infrastructure, particularly in healthcare, where operational disruptions can have life-threatening consequences. The attack also raises concerns about the BlackCat group’s tactics, including double-extortion schemes and targeting high-value victims for maximum leverage. Investigations into the breach’s origins and potential regulatory penalties are ongoing.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
Ransomware
14 Apr 2026 • UnitedHealth Group
UnitedHealth Group and Change Healthcare: KARE 11
Ransomware Attack on Change Healthcare Disrupts U.S. Healthcare Network
100
CRITICAL0
UNICHA1776140687
Cyberattack Disrupts Major U.S. Healthcare Network, Exposing Patient Data
A ransomware attack on Change Healthcare, a key subsidiary of UnitedHealth Group (UHG), has caused widespread disruptions across the U.S. healthcare system, impacting pharmacies, hospitals, and patients nationwide. The incident, first detected on February 21, 2024, forced the company to take its systems offline, halting critical services such as prescription processing, insurance claims, and payment systems.
The attack has been attributed to the BlackCat/ALPHV ransomware group, which reportedly exploited vulnerabilities in Change Healthcare’s IT infrastructure. While UHG has not confirmed whether a ransom was paid, the group claimed responsibility and later removed its dark web post, a tactic often associated with negotiations or payment. The breach exposed sensitive patient data, though the full extent of the compromise remains under investigation.
The fallout has been severe, with pharmacies reporting delays in filling prescriptions, healthcare providers struggling to process claims, and patients facing difficulties accessing medications. Some hospitals have resorted to manual workarounds, while others have temporarily diverted services to alternative systems. The American Hospital Association (AHA) has urged federal agencies to provide emergency funding and support to mitigate the crisis.
As of March 2024, Change Healthcare has begun restoring services, but full recovery is expected to take weeks. The incident underscores the growing threat of ransomware to critical infrastructure, particularly in the healthcare sector, where operational disruptions can have life-threatening consequences. Regulatory bodies, including the HHS Office for Civil Rights (OCR), are monitoring the situation for potential HIPAA violations.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
APRIL 2026
100
Ransomware
09 Apr 2026 • UnitedHealth Group
Change Healthcare: MSN
Cyberattack Disrupts Major U.S. Healthcare Network, Exposing Patient Data
100
CRITICAL0
CHA1775773596
Cyberattack Disrupts Major U.S. Healthcare Network, Exposing Patient Data
A significant cyberattack targeted Change Healthcare, a key subsidiary of UnitedHealth Group, in late February 2024, causing widespread disruptions across the U.S. healthcare system. The attack, attributed to the BlackCat/ALPHV ransomware group, encrypted critical systems, halting claims processing, prescription fulfillment, and payment operations for pharmacies, hospitals, and clinics nationwide.
The incident forced healthcare providers to revert to manual processes, delaying patient care and financial transactions. While UnitedHealth Group confirmed the attack on February 21, the full extent of the breach remains under investigation. Early reports suggest sensitive patient data, including medical records and personal information, may have been exfiltrated, raising concerns about potential identity theft and fraud.
Change Healthcare, which processes nearly 15 billion healthcare transactions annually, plays a central role in the U.S. medical billing ecosystem. The attack underscores vulnerabilities in third-party healthcare IT infrastructure and the growing threat of ransomware targeting critical services. As of early March, recovery efforts were ongoing, with UnitedHealth Group working to restore systems and mitigate further risks. The incident has prompted discussions among policymakers and cybersecurity experts about strengthening defenses in the healthcare sector.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
MARCH 2026
100
FEBRUARY 2026
102
Ransomware
03 Feb 2026 • UnitedHealth Group
UnitedHealth Group and Change Healthcare: NEWS CENTER Maine
Cyberattack Disrupts Major U.S. Healthcare Network, Exposing Patient Data
100
CRITICAL-2
CHAUNI1770195897
Cyberattack Disrupts Major U.S. Healthcare Network, Exposing Patient Data
A ransomware attack on Change Healthcare, a key subsidiary of UnitedHealth Group (UHG), has caused widespread disruptions across the U.S. healthcare system, impacting pharmacies, hospitals, and insurance providers. The incident, first detected on February 21, 2024, forced the company to take its systems offline, halting critical services such as prescription processing, claims submissions, and payment transactions.
The attack has been attributed to the BlackCat/ALPHV ransomware group, which claimed responsibility and later listed the stolen data on its dark web leak site. While UHG has not confirmed whether a ransom was paid, reports suggest the hackers may have received a $22 million payment one of the largest known ransomware payouts to date. The breach exposed sensitive patient information, including medical records, billing details, and personal identifiers, though the full extent of the data compromise remains under investigation.
The outage has had cascading effects, with pharmacies reporting delays in filling prescriptions, healthcare providers struggling to verify insurance coverage, and patients facing challenges accessing medications. Some hospitals have resorted to manual workarounds, while others have temporarily diverted patients to alternative facilities. The American Hospital Association (AHA) and the U.S. Department of Health and Human Services (HHS) have issued alerts, urging organizations to monitor for potential fraud and reinforce cybersecurity measures.
Change Healthcare has since begun restoring services, with partial functionality returning in early March, but full recovery is expected to take weeks. The incident underscores the growing threat of ransomware to critical infrastructure, particularly in the healthcare sector, where operational disruptions can directly endanger patient care. Regulatory scrutiny is likely to follow, as lawmakers and industry groups assess the attack’s implications for data security and resilience in the healthcare ecosystem.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
JANUARY 2026
256
DECEMBER 2025
241
Ransomware
11 Dec 2025 • UnitedHealth Group
UnitedHealth, Ticketmaster, MGM Resorts, Ripple, Snowflake, Google, Allianz, Equifax, Maersk, Toyota, Merck and Oracle: 2025 Cybersecurity Almanac: 100 Facts, Figures, Predictions And Statistics
Global Cybercrime Surge and Major Incidents (2024-2025)
100
CRITICAL-141
MEREQUUNIMAEMGMGOOTOYSNOALLORARIPTIC1775528897
Cybercrime in 2025: A Global Threat Surpassing National Economies
Cybercrime continues to escalate into one of the world’s most lucrative illicit industries, with damages projected to reach $10.5 trillion USD globally in 2025 a figure that, if measured as a country, would rank as the third-largest economy after the U.S. and China. This staggering growth, driven by increasingly sophisticated attacks, underscores the evolving threat landscape as cybercriminals target businesses, governments, and individuals with alarming efficiency.
### The Cybercrime Epidemic: Key Trends
- Underreporting Persists: Despite improved reporting practices, less than 25% of global cybercrimes are reported to law enforcement, leaving vast swaths of criminal activity unaddressed.
- Youth-Driven Threats: The FBI reports that cybercriminals are getting younger, with the average age of arrested offenders dropping a trend that complicates traditional law enforcement approaches.
- Hotspots Identified: A 2024 World Cybercrime Index ranked Russia, Ukraine, China, the U.S., Nigeria, and Romania as the top sources of cybercrime, highlighting concentrated hubs of malicious activity.
### Ransomware: A Pervasive Threat
Ransomware remains a dominant force, with attacks increasing 9% year-over-year in 2024. The most active groups Akira, LockBit, RansomHub, FOG, and PLAY targeted critical infrastructure, with 88% of small-to-midsized businesses (SMBs) and 39% of large enterprises experiencing breaches. The financial toll is staggering:
- $20 billion USD in 2021 (up from $325 million in 2015).
- Projected to exceed $265 billion by 2031, with attacks occurring every 2 seconds by 2031.
High-profile incidents in 2024–2025 include:
- UnitedHealth’s $1.6 billion loss after a ransomware attack disrupted U.S. healthcare payments.
- CDK Global’s auto dealership shutdowns, forcing businesses offline for days after a ransom demand in the tens of millions.
- MGM Resorts’ $100 million hit from a 2023 attack that crippled casino operations.
### Cryptocurrency Crime: A Booming Black Market
Cryptocurrency-related crimes surged, with $28 billion in illicit funds flowing into exchanges over two years. Key developments:
- Ripple co-founder Chris Larsen lost $112.5 million in a 2024 hack one of the largest individual crypto thefts.
- Huione, a Cambodian marketplace, processed $70 billion in suspicious transactions since 2021, facilitating scams, fraud, and sanctioned activities.
- North Korea’s Lazarus Group was linked to the $625 million Axie Infinity hack (2022), the largest crypto theft to date.
### Major Breaches and Supply-Chain Attacks
2024–2025 saw a wave of supply-chain and cloud-based attacks, exposing vulnerabilities in interconnected systems:
- Snowflake Breach: Hackers exploited stolen credentials to access 560 million Ticketmaster records and Live Nation data, prompting a federal investigation.
- Salesforce Exploits: The ShinyHunters gang breached dozens of companies, including Google, Allianz, and Toyota, by targeting cloud databases.
- MOVEit Hack: The Clop ransomware group compromised 2,600+ organizations, including U.S. government agencies and global corporations.
- Oracle Cloud Attack: Over 100 companies were affected by a campaign targeting Oracle’s business software, with damages still being tallied.
### Historic Cyberattacks: Lessons from the Past
The report highlights landmark cyber incidents that reshaped security paradigms:
- Equifax (2017): 147 million records exposed, including Social Security numbers, due to an unpatched vulnerability.
- NotPetya (2017): A $10 billion attack originating in Ukraine, crippling Maersk, Merck, and global supply chains.
- WannaCry (2017): Infected 200,000 systems across 150 countries, demanding Bitcoin ransoms.
- Stuxnet (2010): A U.S.-Israeli cyberweapon that sabotaged Iran’s nuclear centrifuges.
- Heartbleed (2014): A catastrophic OpenSSL flaw that exposed 500,000 servers to data theft.
### The Future of Cybersecurity
While AI-driven defenses have reduced breach containment times to 241 days (the lowest in nine years), the same technologies are being weaponized by attackers. With 60% of global data now stored in the cloud and 6 billion internet users by 2025, the attack surface continues to expand. Small businesses remain particularly vulnerable 60% fold within six months of a cyberattack.
As cybercrime evolves, the economic and operational risks demand heightened vigilance, though the battle against digital threats shows no signs of slowing.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
NOVEMBER 2025
306
OCTOBER 2025
226
SEPTEMBER 2025
244
AUGUST 2025
232
JUNE 2025
100
Ransomware
06 Jun 2025 • UnitedHealth Group
UnitedHealth
Ransomware Incident Analysis
100
CRITICAL0
UNI721060625
UnitedHealth faced a significant ransomware attack where its subsidiary, Change Healthcare, was compromised. The attack disrupted pharmacy operations, leading to chaos and a desperate need to fill prescriptions. UnitedHealth ultimately paid $22 million in bitcoin to the ALPHV/BlackCat gang to restore services quickly.
INCIDENT DETAILS -
TYPE
MOTIVATION
REFERENCES
MARCH 2025
220
Ransomware
01 Mar 2025 • UnitedHealth Group
Change Healthcare
Massive Cyberattack on Change Healthcare
100
CRITICAL-120
CHA123030725
Change Healthcare, a subsidiary of UnitedHealth, faced a massive cyberattack which disrupted billions of medical claims processing and cost the company $3.1 billion. Dubbed the most significant attack in U.S. healthcare history, it led to extensive disruptions in the healthcare sector. The attack's magnitude and repercussions across interconnected systems underscore its potential to ripple through and impact an entire industry.
INCIDENT DETAILS -
TYPE
IMPACT
REFERENCES
FEBRUARY 2025
104
Ransomware
21 Feb 2025 • UnitedHealth Group
UnitedHealth Group
Ransomware Attack on Change Healthcare
100
CRITICAL-4
UNI002033125
The ransomware attack on Change Healthcare, a component of UnitedHealth Group, reported on February 21, has been notably disruptive within the healthcare industry. This cyberattack is projected to result in financial damages approximating $1.6 billion. The incident has caused considerable perturbation amid providers contending with its extensive repercussions. Recovery efforts are hampered by the lack of clear communication from United Health and Change Healthcare, as providers await definitive instructions from the OCR regarding their reporting duties under HIPAA for this breach.
INCIDENT DETAILS -
TYPE
IMPACT
REFERENCES
JULY 2024
100
Ransomware
29 Jul 2024 • UnitedHealth Group
Change Healthcare
Change Healthcare Cyberattack
100
CRITICAL0
CHA002032225
Change Healthcare experienced a cyberattack leading to widespread disruption of medical billing and pre-authorization services, affecting hundreds of health systems across the United States. The incident resulted in delays in medical procedures, restricted access to prescription medications, financial strains on health systems, and some reportedly facing receivership. The consolidation in healthcare has resulted in fewer alternatives for such services, emphasizing the failures and risks associated with creating single points of failure within critical healthcare infrastructure.
INCIDENT DETAILS -
TYPE
IMPACT
REFERENCES
JULY 2024
259
Ransomware
01 Jul 2024 • UnitedHealth Group
United Health Group
Cyberattack on Change Healthcare
100
CRITICAL-159
UNI000092824
United Health Group encountered severe financial and operational disruptions due to the cyberattack on its subsidiary, Change Healthcare. The attack impaired medical billing and pre-authorization services, causing healthcare procedures to be delayed and prescriptions to be inaccessible. This led to delayed income for healthcare systems, impacting their ability to pay staff and potentially forcing some into financial turmoil. The resultant lack of care and delayed procedures may have affected patient health outcomes.
INCIDENT DETAILS -
TYPE
IMPACT
REFERENCES
JUNE 2024
111
Breach
16 Jun 2024 • UnitedHealth Group
UnitedHealth Group
UnitedHealth Group Cyber-Attack
100
CRITICAL-11
UNI000013125
UnitedHealth Group, parent company of Change Healthcare, reported a cyber-attack affecting 190 million individuals, an increase of 90 million from initial reports. As one of the largest healthcare payment processors, this incident is the most severe healthcare data breach of 2024. The breach, perpetrated by ransomware group ALPHV/Blackcat, led to substantial financial consequences with costs reaching $3.1 billion, according to the company's financial results. This breach has not only compromised the personal information of millions but also resulted in multiple lawsuits against UnitedHealth Group.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
MAY 2024
413
Ransomware
01 May 2024 • UnitedHealth Group
UnitedHealth Group
Ransomware Attack on UnitedHealth Group and Change Healthcare
100
CRITICAL-313
UNI004032125
UnitedHealth Group, the parent company of Change Healthcare, was affected by a ransomware attack that resulted in substantial operational disruption across the healthcare sector. Costs associated with the breach are projected to reach $1.6 billion. This breach compelled healthcare organizations to seek clarifications on their reporting obligations under HIPAA. While the extent of the compromised personal health information (PHI) is still being assessed, the situation highlights the complex challenges involved in managing and securing sensitive healthcare information in the digital age, alongside navigating the intricacies of legal and regulatory compliance.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
APRIL 2024
450
Breach
01 Apr 2024 • UnitedHealth Group
UnitedHealth Group Inc.
Cybersecurity Breach at Change Healthcare Unit of UnitedHealth Group Inc.
196
CRITICAL-254
UNI457070524
UnitedHealth Group Inc. experienced a substantial cybersecurity breach at its Change Healthcare unit, leading to significant financial repercussions. The breach resulted in immediate response costs and broader business disruption, totaling approximately $872 million in the first quarter, with projections of the total pre-tax cost reaching between $1.35 billion and $1.6 billion. Additionally, UnitedHealth is allocating $800 million as claims reserves, to address potential claims from providers due to interrupted services since the breach was reported on February 21. The breach has affected both the network security of Change Healthcare and the continuity of services to providers and partners.
INCIDENT DETAILS -
TYPE
IMPACT
REFERENCES
MARCH 2024
352
Ransomware
01 Mar 2024 • UnitedHealth Group
UnitedHealth Group
UnitedHealth Group Ransomware Attack
232
CRITICAL-120
UNI1012070724
UnitedHealth Group experienced a ransomware attack on February 21, which disrupted their services including medical claim handling and revenue cycle services. This resulted in severe delays in processing claims, pushing healthcare providers towards financial distress, with some nearly facing bankruptcy. The attack by the group BlackCat forced UnitedHealth to rebuild services and affected providers have started filing lawsuits due to not maintaining adequate cybersecurity measures, with allegations of sensitive information leaks. UnitedHealth has paid over $2 billion to affected providers and the data compromised in the attack remains undisclosed.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
REFERENCES
FEBRUARY 2024
602
Cyber Attack
21 Feb 2024 • UnitedHealth Group
UnitedHealth Group and Change Healthcare: WNEP
Ransomware Attack on Change Healthcare Disrupts U.S. Healthcare Network
350
CRITICAL-252
UNICHA1768835481
Cyberattack Disrupts Major U.S. Healthcare Network, Exposing Patient Data
A ransomware attack targeted Change Healthcare, a key subsidiary of UnitedHealth Group (UHG), on February 21, 2024, crippling critical payment and claims processing systems across the U.S. healthcare sector. The incident, attributed to the BlackCat/ALPHV ransomware group, forced widespread disruptions in pharmacies, hospitals, and clinics, delaying prescriptions, billing, and insurance reimbursements.
The attack exploited vulnerabilities in Change Healthcare’s IT infrastructure, encrypting systems and exfiltrating sensitive data, including patient records and financial information. While UHG has not confirmed the full extent of the breach, reports suggest millions of individuals may be affected, with some data already surfacing on dark web forums.
In response, UHG isolated affected systems, engaged cybersecurity firms, and worked with law enforcement, including the FBI and CISA. The outage lasted over a week, with partial restoration beginning in early March, though lingering disruptions continued to strain healthcare providers. The incident underscores the growing threat of ransomware to critical infrastructure, particularly in sectors reliant on interconnected digital systems.
The fallout has prompted scrutiny of healthcare cybersecurity practices, with industry experts warning of potential long-term financial and operational consequences for providers already grappling with the attack’s aftermath.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
Ransomware
21 Feb 2024 • UnitedHealth Group
UnitedHealth Group and Change Healthcare: JavaScript is disabled
Cyberattack Disrupts Major U.S. Healthcare Network, Exposing Patient Data
350
CRITICAL-252
UNICHA1769160792
Cyberattack Disrupts Major U.S. Healthcare Network, Exposing Patient Data
A ransomware attack on Change Healthcare, a critical payment and claims processing platform owned by UnitedHealth Group (UHG), has caused widespread disruptions across the U.S. healthcare system. The incident, first detected on February 21, 2024, forced the company to take its systems offline, halting prescription processing, insurance claims, and billing operations for pharmacies, hospitals, and clinics nationwide.
The attack has been attributed to the BlackCat/ALPHV ransomware group, which claimed responsibility and allegedly exfiltrated 6 terabytes of sensitive data, including patient records, payment details, and personal information. While UHG has not confirmed whether a ransom was paid, reports suggest the group received a $22 million payment one of the largest known ransomware payouts to date.
The fallout has been severe: pharmacies reported delays in filling prescriptions, healthcare providers faced cash flow shortages due to unprocessed claims, and some patients were forced to pay out-of-pocket for medications. The U.S. Department of Health and Human Services (HHS) and the Cybersecurity and Infrastructure Security Agency (CISA) are investigating the breach, which has raised concerns about the vulnerability of third-party healthcare vendors.
Change Healthcare has since restored some services, but full recovery remains ongoing. The incident underscores the growing threat of ransomware to critical infrastructure, particularly in sectors reliant on interconnected digital systems.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
Ransomware
21 Feb 2024 • UnitedHealth Group
UnitedHealth Group and Change Healthcare: JavaScript is disabled
Ransomware Attack on Change Healthcare Disrupts U.S. Healthcare Network
350
CRITICAL-252
UNICHA1769031261
Cyberattack Disrupts Major U.S. Healthcare Network, Exposing Patient Data
A ransomware attack on Change Healthcare, a key subsidiary of UnitedHealth Group (UHG), has severely disrupted healthcare operations across the U.S., exposing sensitive patient data and causing widespread payment processing delays. The incident, first detected on February 21, 2024, forced the company to disconnect critical systems to contain the breach, leading to cascading effects on pharmacies, hospitals, and clinics reliant on its services.
BlackCat/ALPHV, a notorious ransomware group, claimed responsibility for the attack, asserting they exfiltrated 6 terabytes of data, including medical records, insurance details, and personal information. While UHG has not confirmed whether a ransom was paid, the group’s involvement suggests a financially motivated breach targeting the healthcare sector’s high-value data.
The outage has left providers unable to process claims, verify insurance eligibility, or dispense prescriptions, with some reporting delays in patient care. The American Hospital Association (AHA) warned of "severe financial strain" on smaller healthcare facilities, while federal agencies, including the HHS and FBI, are investigating the incident. Change Healthcare has since restored some services but continues to assess the full scope of the breach.
The attack underscores the growing vulnerability of healthcare infrastructure to cyber threats, with experts noting that the sector’s interconnected systems create high-impact targets for ransomware operators. No timeline has been provided for full recovery.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
Ransomware
21 Feb 2024 • UnitedHealth Group
UnitedHealth Group and Change Healthcare: U.S. Investors Accuse South Korea of Discrimination Over Coupang Data Leak
Ransomware Attack on Change Healthcare Disrupts U.S. Healthcare Network
350
CRITICAL-252
UNICHA1769088935
Cyberattack Disrupts Major U.S. Healthcare Network, Exposing Patient Data
A ransomware attack on Change Healthcare, a key subsidiary of UnitedHealth Group, has caused widespread disruption across the U.S. healthcare system, impacting pharmacies, hospitals, and insurance providers. The incident, first detected on February 21, 2024, forced the company to disconnect critical systems to contain the breach, leading to delays in prescription processing, billing, and claims submissions nationwide.
The attack has been attributed to the BlackCat/ALPHV ransomware group, which claimed responsibility and allegedly exfiltrated 6 terabytes of sensitive data, including patient records, insurance details, and financial information. While UnitedHealth Group has not confirmed whether a ransom was paid, the group’s dark web leak site previously listed Change Healthcare as a victim before the listing was removed suggesting possible negotiations.
The fallout has been severe, with some healthcare providers reporting cash flow disruptions due to halted payments, while patients faced difficulties accessing medications. The American Hospital Association (AHA) and U.S. Department of Health and Human Services (HHS) have issued alerts, urging providers to implement contingency plans. Investigations by cybersecurity firms and federal agencies, including the FBI and CISA, are ongoing to assess the full scope of the breach and its implications for healthcare cybersecurity.
This incident underscores the growing threat of ransomware to critical infrastructure, particularly in sectors reliant on interconnected digital systems. The attack’s ripple effects continue to strain an already overburdened healthcare system, raising concerns about long-term vulnerabilities in patient data protection.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
Cyber Attack
21 Feb 2024 • UnitedHealth Group
UnitedHealth Group: Daedong-USA confronts US data-breach fallout and right-to-repair pressures
Ransomware Attack on Change Healthcare Disrupts U.S. Healthcare Network
350
CRITICAL-252
UNI1769031536
Cyberattack Disrupts Major U.S. Healthcare Network, Exposing Patient Data
A ransomware attack on Change Healthcare, a key subsidiary of UnitedHealth Group, has severely disrupted U.S. healthcare operations, causing widespread delays in prescription processing, insurance claims, and payment systems. The incident, detected on February 21, 2024, forced the company to take its systems offline, impacting pharmacies, hospitals, and clinics nationwide.
The attack has been attributed to the BlackCat/ALPHV ransomware group, which claimed responsibility and allegedly stole 6 terabytes of sensitive data, including patient records, billing information, and personal details. While Change Healthcare has not confirmed the ransom demand, reports suggest the group sought $22 million in cryptocurrency.
The outage has left healthcare providers struggling to verify insurance coverage, process payments, and fill prescriptions, with some pharmacies resorting to manual workarounds. The American Hospital Association (AHA) described the disruption as "the most significant cyberattack on the U.S. healthcare system in history," urging federal intervention.
UnitedHealth Group has engaged cybersecurity firms to investigate and restore services, though full recovery remains uncertain. The incident underscores the growing threat of ransomware to critical infrastructure, with regulators and lawmakers scrutinizing healthcare cybersecurity vulnerabilities. No evidence has emerged that the stolen data has been publicly leaked yet.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
FEBRUARY 2024
830
Ransomware
01 Feb 2024 • UnitedHealth Group
UnitedHealth Group (Change Healthcare)
Cyberattack on Indian Council of Medical Research (ICMR) Leads to Data Breach of 81.5 Crore Citizens
598
CRITICAL-232
UNI1362813111425
UnitedHealth Group’s subsidiary Change Healthcare suffered a massive cyberattack in February 2024, attributed to the Blackcat (ALPHV) ransomware group. The attack crippled critical systems, disrupting billing, claims processing, and prescription services across the U.S. healthcare sector. Hospitals, pharmacies, and providers faced payment processing outages, delaying patient care and financial transactions. The breach also exposed sensitive patient data, including medical records and personally identifiable information (PII), though the full scope of data theft remains under investigation. UnitedHealth was forced to isolate affected systems, leading to prolonged operational disruptions. The incident triggered federal investigations, with the U.S. Department of Health and Human Services (HHS) and the FBI involved. The financial and reputational damage was severe, with stock drops and lawsuits from affected parties. The attack underscored vulnerabilities in healthcare IT infrastructure, raising concerns about future ransomware threats to critical services.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
Ransomware
01 Feb 2024 • UnitedHealth Group
Change Healthcare (UnitedHealth Group)
Ransomware Attacks Overview (2011–2025)
598
CRITICAL-232
CHA455090325
In February 2024, Change Healthcare, a critical division of UnitedHealth Group, fell victim to a devastating BlackCat/ALPHV ransomware attack. The assault crippled its systems, disrupting prescription processing, medical claims, and payment operations across the U.S. healthcare sector. Over 100 million individuals were impacted due to service outages, with hospitals, pharmacies, and insurers facing delays in billing, reimbursements, and patient care. The company paid a $22 million ransom, but total financial losses ballooned to an estimated $2 billion, factoring in operational downtime, recovery costs, and reputational damage. The attack exposed vulnerabilities in third-party supply chains, as the breach originated from compromised credentials in a connected vendor system. Regulatory scrutiny intensified, with federal investigations probing compliance failures under HIPAA and cybersecurity negligence. The incident underscored the escalating threat of RaaS (Ransomware-as-a-Service) models, where affiliate hackers leverage sophisticated tools to target high-value sectors like healthcare, exploiting systemic interdependencies for maximum disruption.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
MARCH 2023
842
Cyber Attack
01 Mar 2023 • UnitedHealth Group
UnitedHealth Group
Cyber Incident at Change Healthcare
827
CRITICAL-15
UNI315051324
In late February, UnitedHealth Group's subsidiary Change Healthcare suffered a notable cyber incident, causing considerable disruptions within the healthcare system. This breach has impeded healthcare operations nationwide, most critically affecting the ability to submit claims and receive payments. The incident has drawn significant concern from various stakeholders within the healthcare community, raising cash flow issues among hospitals, doctors, pharmacies, and others. To mitigate the impact, the Centers for Medicare & Medicaid Services (CMS) have enacted several immediate measures to assist providers and ensure continued service to patients. The incident emphasizes the critical need for enhanced cybersecurity resilience throughout the healthcare ecosystem and has prompted the Department of Health and Human Services (HHS) to actively engage with federal bodies to provide threat intelligence to the industry and ensure a transparent, effective response to the cyberattack.
INCIDENT DETAILS -
TYPE
IMPACT
REFERENCES
JUNE 2011
843
Breach
28 Jun 2011 • UnitedHealth Group
UnitedHealthcare
UnitedHealth Group Data Breach
812
CRITICAL-31
UNI146072825
The California Office of the Attorney General reported a data breach involving UnitedHealth Group on March 30, 2012. The breach occurred from June 28, 2011 to December 12, 2011, potentially affecting personal information such as names, Social Security Numbers, and Medicare Healthcare Insurance Numbers, although the total number of individuals affected is unknown.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for UnitedHealth Group ??
What was UnitedHealth Group's A.I Rankiteo Cyber Score in June 2026 ??
What was UnitedHealth Group's A.I Rankiteo Cyber Score in May 2026 ??
What was UnitedHealth Group's A.I Rankiteo Cyber Score in April 2026 ??
What was UnitedHealth Group's A.I Rankiteo Cyber Score in March 2026 ??
What was UnitedHealth Group's A.I Rankiteo Cyber Score in February 2026 ??
What was UnitedHealth Group's A.I Rankiteo Cyber Score in January 2026 ??
What was UnitedHealth Group's A.I Rankiteo Cyber Score in December 2025 ??
What was UnitedHealth Group's A.I Rankiteo Cyber Score in November 2025 ??
What was UnitedHealth Group's A.I Rankiteo Cyber Score in October 2025 ??
What was UnitedHealth Group's A.I Rankiteo Cyber Score in September 2025 ??
What was UnitedHealth Group's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on UnitedHealth Group's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with UnitedHealth Group ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view UnitedHealth Group's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?