Massive Healthcare Data Breaches Expose 26M+ Records

A series of major data breaches has exposed profound security weaknesses in the U.S. healthcare sector. The largest incident compromised the personal and health data of 26 million Americans, including Social Security numbers, in what is being called the largest U.S. healthcare breach in history. A separate event exposed up to 200,000 patient records because credentials had been hardcoded into source published in public GitHub repositories. In the fallout from a previous cyberattack, major health systems are now suing vendor Change Healthcare for damages.

- The ransomware group ALPHV/BlackCat was behind the Change Healthcare attack, which began on February 21, 2024. The attackers gained access on February 12 via a Citrix remote access portal that was not protected by multi-factor authentication.
- UnitedHealth Group, Change Healthcare's parent company, paid a $22 million ransom in Bitcoin to the attackers. Despite the payment, a dispute arose between ALPHV/BlackCat and an affiliate, and another ransomware group called RansomHub later claimed to possess the stolen data and attempted further extortion.
- The financial fallout for UnitedHealth Group in the first quarter of 2024 was $872 million, with the total impact for the year projected to be between $1.35 billion and $1.6 billion. The attack disrupted 94% of hospitals financially and impacted patient care in 74% of hospitals surveyed.
- The Conduent breach involved an unauthorized party accessing its systems from October 21, 2024, to January 13, 2025. The ransomware group Safepay claimed responsibility in February 2025, stating they had stolen over 8 terabytes of data.
- Investigations into the Conduent breach were launched by the Attorneys General of Texas and Montana. The Texas AG called it "likely the largest breach in U.S. history," although the Change Healthcare breach affected more individuals.
- The use of hardcoded, or embedded, credentials is a significant security vulnerability because if the code is accessed, the credentials can be easily extracted, bypassing other security measures. This allows attackers to gain unauthorized access to systems and data.
- Credential-based attacks, often originating from phishing emails, have become the most common vector for breaches in the healthcare sector. The number of reported breaches in healthcare more than doubled from 237 in 2024 to 502 in 2025.
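The hardcoded-credentials point above is the one a development team can act on directly: scan source before it is pushed, and load secrets from the environment instead of from the file. The following is an added example written for this briefing, not code from any of the organizations named. It is a small heuristic scanner (the regex patterns, the placeholder list and the sample config file are all constructed for this example, not the rules of any real tool) plus the replacement pattern that keeps the credential out of the repository.

```python
import math
import os
import re
from collections import Counter

# Heuristic shapes of embedded credentials. Illustrative only; a production
# scanner (e.g. a pre-commit secret scanner) carries far more signatures.
PATTERNS = {
    # NAME_PASSWORD = "literal", api_key: 'literal', token = "literal"
    "assignment": re.compile(
        r"""(?i)(password|passwd|pwd|secret|api[_-]?key|token)\s*[:=]\s*['"]([^'"]{6,})['"]"""
    ),
    # scheme://user:password@host/...
    "connection_string": re.compile(
        r"""(?i)\b[a-z][a-z0-9+.-]*://[^\s:/@'"]+:([^\s@'"]+)@[^\s'"]+"""
    ),
    # PEM private key pasted into source
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}

# Values that are clearly not real secrets (constructed list for this example).
PLACEHOLDERS = {"changeme", "password", "example", "xxxxxx", "<redacted>", "your_password_here"}


def shannon_entropy(s):
    """Bits of entropy per character; low values hint at dummy or test values."""
    if not s:
        return 0.0
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_source(text):
    """Return a list of findings, each a dict with line number, kind, entropy
    and a redacted preview. The secret itself is never echoed in full, so the
    report can be logged without creating a second copy of the credential."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        for kind, pattern in PATTERNS.items():
            m = pattern.search(line)
            if not m:
                continue
            value = m.group(m.lastindex) if m.lastindex else ""
            # Skip obvious dummies and templated references resolved at deploy time.
            if value.lower() in PLACEHOLDERS or value.startswith(("${", "{{")):
                continue
            findings.append({
                "line": lineno,
                "kind": kind,
                "entropy": round(shannon_entropy(value), 2),
                "preview": (value[:2] + "***") if value else "<key block>",
            })
    return findings


def load_credential(name, env=None):
    """The replacement for a hardcoded literal: read the secret from the
    process environment (or an injected mapping) and fail loudly if absent,
    rather than silently falling back to a default baked into the code."""
    env = os.environ if env is None else env
    value = env.get(name)
    if not value:
        raise RuntimeError(f"credential {name!r} not provided; refusing to use a built-in default")
    return value


# Constructed sample config for this example (not from any real project).
SAMPLE_SOURCE = """\
# constructed sample config for this example
DB_USER = "svc_reports"
DB_PASSWORD = "Wint3r-Report$-2024"
API_KEY = os.environ["REPORTS_API_KEY"]
SMTP_PASSWORD = "changeme"
DATABASE_URL = "postgres://app:s3cretValue@db.internal:5432/ehr"
TOKEN = "${CI_TOKEN}"
"""

if __name__ == "__main__":
    for f in scan_source(SAMPLE_SOURCE):
        print(f"line {f['line']}: {f['kind']} (entropy {f['entropy']}) {f['preview']}")
```

Run against the constructed sample, only the literal database password on line 3 and the password embedded in the connection string on line 6 are reported; the environment lookup, the `changeme` placeholder and the `${CI_TOKEN}` template pass. The scanner is deliberately conservative about what it prints: a finding carries the line and a two-character preview, which is enough to locate and rotate the credential without the report itself becoming something that must be protected. Wiring a check like this into a pre-commit hook or CI job is the cheap control that would have kept the credentials in the GitHub incident out of a public repository in the first place.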


Shared from Scout - Be the smartest in the room.