Inside the Change Healthcare Ransomware Attack: A Detailed Timeline of Events

The February 2024 ransomware attack on Change Healthcare, a subsidiary of UnitedHealth, has been recognized as the largest data breach of health and medical information in U.S. history. This incident has raised significant concerns about cybersecurity in the healthcare sector and has impacted approximately 190 million individuals across America, nearly double the initial estimates provided by the company.

Overview of the Change Healthcare Data Breach

Change Healthcare, a company that processes billing and insurance for a vast network of hospitals, pharmacies, and medical practices, confirmed in January 2025 that sensitive health information was compromised. The company reached out to millions of affected individuals via mail and issued a public notice for those whose contact details were unavailable.

The Impact of the Ransomware Attack

As one of the largest processors of health data in the U.S., Change Healthcare plays a critical role in managing healthcare transactions. Following a series of mergers and acquisitions, it now handles a significant volume of sensitive medical data. Here’s a timeline of key events following the ransomware incident:

• February 21, 2024: Outages reported as security incident unfolds. Change Healthcare experienced widespread billing system failures, prompting the company to implement security protocols.
• February 29, 2024: UnitedHealth identifies the attack as a ransomware incident linked to the ALPHV/BlackCat gang, a known Russian-speaking cybercriminal organization.
• March 3-5, 2024: The hackers reportedly vanish after receiving a ransom payment of $22 million, leaving the stolen data intact.
• March 13, 2024: Ongoing disruptions impact pharmacies and healthcare providers, affecting patients’ access to medications.
• March 28, 2024: The U.S. government increases its bounty to $10 million for information leading to the capture of ALPHV gang members.
• April 15, 2024: A new extortion group called RansomHub emerges, demanding another ransom and threatening to publish sensitive patient records.
• April 22, 2024: UnitedHealth acknowledges a substantial data breach affecting a significant portion of the American population.
• May 1, 2024: UnitedHealth’s CEO testifies that basic cybersecurity measures were not in place to prevent the breach.
• June 20, 2024: Change Healthcare begins notifying affected individuals as required by HIPAA regulations.
• October 24, 2024: UnitedHealth confirms that at least 100 million people are affected by the breach.
• January 24, 2025: Change Healthcare revises the number of affected individuals to 190 million.

Understanding the Risks of Ransomware in Healthcare

The Change Healthcare incident underscores the vulnerabilities within the healthcare sector regarding cybersecurity. Ransomware gangs often target organizations that handle sensitive data, and the impact of such breaches can be profound. Here are some key points to consider:

• Financial Motives: Cybercriminals are typically motivated by financial gain, employing various tactics to extort payment from organizations.
• Data Sensitivity: The healthcare industry deals with highly sensitive information, making breaches particularly damaging.
• Regulatory Compliance: Organizations must adhere to regulations like HIPAA to protect patient information and avoid legal repercussions.

Conclusion

The Change Healthcare data breach serves as a stark reminder of the importance of robust cybersecurity measures within the healthcare sector. Organizations must prioritize the protection of sensitive patient information to mitigate risks associated with ransomware and other cyber threats. For more information on healthcare cybersecurity best practices, visit HHS HIPAA or check out this article on cybersecurity in healthcare.

Stay informed about the latest developments in healthcare cybersecurity by following reliable news sources and updates from organizations like HealthIT.gov.