The CEO of UnitedHealthcare, Brian Thompson, was fatally shot in an incident involving Luigi Mangione, who was arrested in Pennsylvania. The shooter allegedly left behind bullet casings with words indicating a protest against healthcare insurance claim denials. The perpetrator carried a manifesto critical of healthcare companies' focus on profits over patient care. The case has drawn significant media attention, impacting the company’s reputation and possibly causing a financial setback due to concerns over the safety of its executives, potential legal issues, and the necessity for increased security measures.

The Washington State Office of the Attorney General reported a data breach involving UnitedHealthcare on August 25, 2023. The breach, which was a ransomware attack discovered on April 17, 2023, affected approximately 1,025 Washington residents and involved compromised information including names, Social Security numbers, dates of birth, health insurance information, and medical information.

The California Office of the Attorney General reported that UnitedHealthcare experienced a data breach affecting individuals' health information. The breach was detected on December 29, 2022, and it involved unauthorized access to the UHC broker portal, affecting information from December 1, 2022, to January 25, 2023. The breach potentially exposed first and last names, member ID numbers, plan effective dates, and other plan-related information, but not Social Security numbers or financial account information.

The company experienced a data breach after filing official documents with the Attorney General of Texas. The breach resulted in the names, addresses, health insurance information, and medical information being compromised. Leaked healthcare data was indeed protected healthcare information. They had sufficient information about a patient to carry out healthcare identity fraud.

Rhode Island State Employees Receive Settlement Payments After 2021 Data Breach Current and former Rhode Island state employees have begun receiving payments from a settlement tied to a 2021 data breach involving the Rhode Island Public Transit Authority (RIPTA) and UnitedHealthcare. The breach, attributed to a hacker group with Russian ties, exposed the personal and healthcare information of approximately 20,000 public employees. In August 2021, RIPTA paid a $170,000 ransom to the hackers. A subsequent class-action lawsuit, filed by the ACLU of Rhode Island in 2022, alleged that both RIPTA and UnitedHealthcare failed to adequately protect or destroy sensitive employee data. The case was settled last year, with affected workers eligible for compensation. Claimants could request reimbursement for out-of-pocket expenses (up to $1,000), lost time (up to $60 for four hours), and extraordinary losses such as identity theft or fraud (up to $7,500). Additionally, five years of credit monitoring valued at approximately $840 per person was offered, though it remains unclear how many employees utilized the service. Initial estimates suggested average payouts of around $100 per person, but fewer claims than expected led to higher-than-anticipated distributions, averaging over $400 per claimant. Some recipients expressed skepticism about the legitimacy of the payments, prompting assurances from class-action attorney Peter Wasylyk, who confirmed the funds were valid. The settlement underscores the financial and operational fallout of the breach, which compromised sensitive employee data and resulted in significant ransom demands. The case highlights ongoing vulnerabilities in public-sector cybersecurity and the legal consequences of inadequate data protection measures.

On January 28, 2013, the California Office of the Attorney General reported a data breach involving RR Donnelley, which included the theft of an unencrypted computer containing personal information of UnitedHealthcare members. The specific date of the breach is unknown, but it occurred sometime between the second half of September and the end of November 2012. The information potentially compromised includes names, addresses, and Social Security numbers, and approximately 2003 health benefit plan members were affected.