(Reuters) -The cyberattack at UnitedHealth Group’s tech unit last year affected the personal information of 190 million people, the health conglomerate said on Friday, making it the largest healthcare data breach in the United States.
The hack at Change Healthcare affected the personal information of 100 million people, the U.S. health department had posted on its website in October.
The final number will be confirmed and filed with the U.S. Department of Health and Human Services’ office for civil rights at a later date, the company said in an emailed statement.
The cyberattack disclosed in February at Change Healthcare was perpetrated by hackers who identified themselves as the “Blackcat” ransomware group, causing widespread disruptions in claims processing and impacting patients and providers across the country.
“Change Healthcare is not aware of any misuse of individuals’ information as a result of this incident and has not seen electronic medical record databases appear in the data during the analysis,” the company said, adding that it has provided individual or substitute notice to the “vast majority” of those impacted.
The company issued a public notice about the ransomware hack in June last year as part of its requirements under the Health Insurance Portability and Accountability Act (HIPAA). HIPAA regulation requires companies to notify patients of data exposures.
Information made vulnerable in the UnitedHealth attack is believed to include health insurance member IDs, patient diagnoses, treatment information and social security numbers, as well as billing codes used by providers.
(Reporting by Mariam Sunny in Bengaluru; Editing by Alan Barona, Muralikumar Anantharaman and Diane Craft)
