What You Need to Know about the UnitedHealth Group Data Breach
- Published: Aug 20, 2025
- Last Updated: Aug 20, 2025
UnitedHealth was established as CharterMed Incorporated in 1974 in Minnesota by Richard Burke and a team of healthcare professionals. It was reorganized and renamed UnitedHealth in 1998, signaling a diversification from typical insurance services to incorporate more healthcare options. At present, UnitedHealth operates through two branches: the Healthcare branch, which offers health insurance coverage, and Optum, which provides tech-centered health services.
The latter includes direct patient care, pharmacy care, and data analytics. This two-part structure has allowed the firm to build a vertically integrated healthcare ecosystem serving millions of consumers. In 2022, UnitedHealth Group acquired Change Healthcare, and Optum integrated it. This platform processes the organization’s insurance claims.
UnitedHealth Group has approximately 380,000 employees, with revenue exceeding $400 billion. The organization has become one of the world’s largest healthcare companies by revenue. Its market scope and presence significantly influence the United States healthcare system. From February 17 to 20, 2024, ransomware hackers attacked Change Healthcare’s tech unit. These hackers gained access by exploiting an exposed Citrix remote access service. This service lacked multifactor authentication, allowing the criminals to use stolen employee credentials to access the network.
When Was the UnitedHealth Group Data Breach?
The UnitedHealth Group data breach became apparent on February 21, 2024, when its Optum division discovered ransomware in its systems. The forensic investigation determined that the threat actors had had unauthorized access to the organization’s networks since February 17. The ALPHV or BlackCat group claimed responsibility for the attack. They gained access via a vulnerable Citrix remote access service, which did not have multifactor authentication.
On March 7, Change Healthcare confirmed the data breach had happened, and by April 22, the company acknowledged that a significant part of the population would be affected. The initial estimate of those affected was 100 million, but this was revised to 192.7 million by August 2025. This makes it the most significant data breach ever reported.
How to Check If Your Data Was Breached
Considering the extent of the breach, there is a significant chance you were one of those impacted in the United States. You could take several proactive steps. The most direct would be to check for official notification. UnitedHealth must send a detailed letter via mail to those whose personally identifiable information was exposed during the incident. Due to the scope of the breach, the notification process has been going on in waves through 2024 and 2025. You could monitor credit accounts if you have not yet received official communication.
UnitedHealth has also set up a call center and website to assist the impacted people. Regularly assess statements from your health insurance, bank, and credit card accounts for unauthorized transactions or services you did not get. The organization offers two years of complimentary credit monitoring and identity theft protection through Experian.
You may also check for exposed data using reliable online tools such as Have I Been Pwned. To see if any of your information has been compromised, you only need to enter a name, birthdate, and email address. However, it is also advisable to determine the trustworthiness of any online tool before offering personal details.
What to Do if Your Data Was Breached
If there is a strong reason to believe your data was exposed during the breach, immediate action is essential to reduce the risks. The first step is to enroll in the 24 months of free protection services via Experian. These can be activated by visiting Change Healthcare’s official response site. The next step is to set a fraud alert and initiate a credit freeze with the main credit bureaus. A fraud alert warns creditors to verify your identity before opening new accounts. Freezing will lock the credit account down from further transactions. It will also prevent new accounts from being opened.
Monitor your medical and financial accounts regularly for any problematic activity, and check all credit card transactions. Any fraudulent activity should immediately be reported to the financial institutions, your health insurance, and the Federal Trade Commission.
Are There Any Lawsuits Because of the Data Breach?
The Change Healthcare data breach has triggered significant litigation against Optum and Change Healthcare. Dozens of class action lawsuits have already been filed and consolidated in a multidistrict litigation motion. This is proceeding in the District Court of Minnesota. The claimants have cited negligence and Change Healthcare’s failure to have basic security measures like multifactor authentication on the Citrix portal. They have also cited the delay in issuing notifications to the affected persons: the breach happened in February, but official notifications began going out in July 2024.
Medical practices like Odom Health and Wellness and the Dillman Clinic in Minnesota have also filed suits, saying the cyberattack's fallout caused significant financial loss because of the frozen claims processing. The Nebraska Attorney General then filed the first state-led lawsuit in December 2024, accusing the company of violating state consumer protection and data security statutes by not protecting citizens' data.
Can My Change Healthcare Information Be Used for Identity Theft?
Yes, the personal health information stolen during the Change Healthcare data breach may be used for medical identity theft. The data stolen included names, birthdates, member or group ID, insurance details, diagnoses, medicines, and billing information. These details would enable criminals to commit fraud by submitting fake insurance claims or getting medical prescriptions under the victim’s name. This can exhaust a person’s benefits or corrupt medical records.
What You Can Do to Protect Yourself Online
Following massive data breaches like the one experienced by Change Healthcare, taking the initiative to protect yourself online is more important than ever. The best approach is to adopt multiple layers of online security. This reduces the overall risk of becoming a victim of identity theft. The following are some of the recommended ways you could safeguard your data.
- Enroll in the Offered Protection: Change Healthcare provides 24 months of identity protection and credit monitoring to those affected by the breach.
- Set a Fraud Alert or Credit Freeze: Depending on how much data was exposed, you could set a credit freeze to stop accounts from being opened, or a fraud alert. The latter reports suspicious activity and sets a check with creditors.
- Use Strong Passwords: Change the passwords on your device where you access the Change Healthcare account. You can use unique passwords or a password manager to generate and store complex credentials.
- Enable Multifactor Authentication (MFA): MFA requires a second form of verification during account access. This functions as an extra layer of security for online accounts and reduces the risk of exposure; the Citrix remote access service exploited in this breach did not have it.
- Be Wary of Phishing: Unsolicited emails or calls asking for information should be flagged immediately, especially if they ask for personal data. Legitimate companies do not ask for sensitive data this way.