Description: The California Office of the Attorney General reported a data breach incident involving OptumRx on April 8, 2016. The breach occurred on March 16, 2016, when an unencrypted laptop belonging to a vendor was stolen in Indianapolis, Indiana, potentially exposing names, addresses, health plan information, prescription drug details, and in some cases, dates of birth. Approximately UNKN individuals were affected, and no financial information was compromised.

Description: The Optum incident exemplifies the risks of consolidating healthcare systems, where a cyberattack paralyzed medical billing and authorization services, resulting in patients experiencing delays in medical procedures and lack of access to prescription medications. Medical service providers could not bill insurance, leading to financial strain, missed salary payments, and some cases of severe financial difficulties. With a single point of failure due to consolidated services, a large portion of health systems and patient care became vulnerable to cyber threats.

Description: The California Office of the Attorney General reported a data breach involving UnitedHealth Group on March 30, 2012. The breach occurred from June 28, 2011 to December 12, 2011, potentially affecting personal information such as names, Social Security Numbers, and Medicare Healthcare Insurance Numbers, although the total number of individuals affected is unknown.

Description: UnitedHealth Group Inc. experienced a substantial cybersecurity breach at its Change Healthcare unit, leading to significant financial repercussions. The breach resulted in immediate response costs and broader business disruption, totaling approximately $872 million in the first quarter, with projections of the total pre-tax cost reaching between $1.35 billion and $1.6 billion. Additionally, UnitedHealth is allocating $800 million as claims reserves, to address potential claims from providers due to interrupted services since the breach was reported on February 21. The breach has affected both the network security of Change Healthcare and the continuity of services to providers and partners.

Description: UnitedHealth Group, parent company of Change Healthcare, reported a cyber-attack affecting 190 million individuals, an increase of 90 million from initial reports. As one of the largest healthcare payment processors, this incident is the most severe healthcare data breach of 2024. The breach, perpetrated by ransomware group ALPHV/Blackcat, led to substantial financial consequences with costs reaching $3.1 billion, according to the company's financial results. This breach has not only compromised the personal information of millions but also resulted in multiple lawsuits against UnitedHealth Group.

Description: In late February, UnitedHealth Group's subsidiary Change Healthcare suffered a notable cyber incident, causing considerable disruptions within the healthcare system. This breach has impeded healthcare operations nationwide, most critically affecting the ability to submit claims and receive payments. The incident has drawn significant concern from various stakeholders within the healthcare community, raising cash flow issues among hospitals, doctors, pharmacies, and others. To mitigate the impact, the Centers for Medicare & Medicaid Services (CMS) have enacted several immediate measures to assist providers and ensure continued service to patients. The incident emphasizes the critical need for enhanced cybersecurity resilience throughout the healthcare ecosystem and has prompted the Department of Health and Human Services (HHS) to actively engage with federal bodies to provide threat intelligence to the industry and ensure a transparent, effective response to the cyberattack.

Description: United Health Group encountered severe financial and operational disruptions due to the cyberattack on its subsidiary, Change Healthcare. The attack impaired medical billing and pre-authorization services, causing healthcare procedures to be delayed and prescriptions to be inaccessible. This led to delayed income for healthcare systems, impacting their ability to pay staff and potentially forcing some into financial turmoil. The resultant lack of care and delayed procedures may have affected patient health outcomes.

Description: UnitedHealth Group’s subsidiary **Change Healthcare** suffered a **massive cyberattack** in February 2024, attributed to the **Blackcat (ALPHV) ransomware group**. The attack crippled critical systems, disrupting **billing, claims processing, and prescription services** across the U.S. healthcare sector. Hospitals, pharmacies, and providers faced **payment processing outages**, delaying patient care and financial transactions. The breach also exposed **sensitive patient data**, including medical records and personally identifiable information (PII), though the full scope of data theft remains under investigation. UnitedHealth was forced to **isolate affected systems**, leading to prolonged operational disruptions. The incident triggered **federal investigations**, with the U.S. Department of Health and Human Services (HHS) and the FBI involved. The financial and reputational damage was severe, with **stock drops** and **lawsuits** from affected parties. The attack underscored vulnerabilities in healthcare IT infrastructure, raising concerns about **future ransomware threats** to critical services.

Description: The ransomware attack on Change Healthcare, a component of UnitedHealth Group, reported on February 21, has been notably disruptive within the healthcare industry. This cyberattack is projected to result in financial damages approximating $1.6 billion. The incident has caused considerable perturbation amid providers contending with its extensive repercussions. Recovery efforts are hampered by the lack of clear communication from United Health and Change Healthcare, as providers await definitive instructions from the OCR regarding their reporting duties under HIPAA for this breach.

Description: UnitedHealth Group, the parent company of Change Healthcare, was affected by a ransomware attack that resulted in substantial operational disruption across the healthcare sector. Costs associated with the breach are projected to reach $1.6 billion. This breach compelled healthcare organizations to seek clarifications on their reporting obligations under HIPAA. While the extent of the compromised personal health information (PHI) is still being assessed, the situation highlights the complex challenges involved in managing and securing sensitive healthcare information in the digital age, alongside navigating the intricacies of legal and regulatory compliance.

Description: UnitedHealth faced a significant ransomware attack where its subsidiary, Change Healthcare, was compromised. The attack disrupted pharmacy operations, leading to chaos and a desperate need to fill prescriptions. UnitedHealth ultimately paid $22 million in bitcoin to the ALPHV/BlackCat gang to restore services quickly.

Description: UnitedHealth Group experienced a ransomware attack on February 21, which disrupted their services including medical claim handling and revenue cycle services. This resulted in severe delays in processing claims, pushing healthcare providers towards financial distress, with some nearly facing bankruptcy. The attack by the group BlackCat forced UnitedHealth to rebuild services and affected providers have started filing lawsuits due to not maintaining adequate cybersecurity measures, with allegations of sensitive information leaks. UnitedHealth has paid over $2 billion to affected providers and the data compromised in the attack remains undisclosed.

Description: The California Office of the Attorney General reported that UnitedHealthcare experienced a data breach affecting individuals' health information. The breach was detected on December 29, 2022, and it involved unauthorized access to the UHC broker portal, affecting information from December 1, 2022, to January 25, 2023. The breach potentially exposed first and last names, member ID numbers, plan effective dates, and other plan-related information, but not Social Security numbers or financial account information.

Description: On January 28, 2013, the California Office of the Attorney General reported a data breach involving RR Donnelley, which included the theft of an unencrypted computer containing personal information of UnitedHealthcare members. The specific date of the breach is unknown, but it occurred sometime between the second half of September and the end of November 2012. The information potentially compromised includes names, addresses, and Social Security numbers, and approximately 2003 health benefit plan members were affected.

Description: The company experienced a data breach after filing official documents with the Attorney General of Texas. The breach resulted in the names, addresses, health insurance information, and medical information being compromised. Leaked healthcare data was indeed protected healthcare information. They had sufficient information about a patient to carry out healthcare identity fraud.

Description: The CEO of UnitedHealthcare, Brian Thompson, was fatally shot in an incident involving Luigi Mangione, who was arrested in Pennsylvania. The shooter allegedly left behind bullet casings with words indicating a protest against healthcare insurance claim denials. The perpetrator carried a manifesto critical of healthcare companies' focus on profits over patient care. The case has drawn significant media attention, impacting the company’s reputation and possibly causing a financial setback due to concerns over the safety of its executives, potential legal issues, and the necessity for increased security measures.

Description: The Washington State Office of the Attorney General reported a data breach involving UnitedHealthcare on August 25, 2023. The breach, which was a ransomware attack discovered on April 17, 2023, affected approximately 1,025 Washington residents and involved compromised information including names, Social Security numbers, dates of birth, health insurance information, and medical information.