Was UnitedHealth Group hacked?

Yes. The UnitedHealth Group breach occurred on February 21, 2024, affecting 100 million records.

What data was exposed in the UnitedHealth Group breach?

The 2024 UnitedHealth Group breach via Change Healthcare affected over 100 million people. Learn what health data was exposed.

What should I do if I was affected by the UnitedHealth Group data breach?

Check if your data was exposed using our free tool, change your passwords, enable two-factor authentication, and monitor your accounts for suspicious activity.

UnitedHealth Group Data Breach

Critical Severity 100 million records affected Published February 10, 2026

Company	UnitedHealth Group
Breach Date	February 21, 2024
Disclosure Date	April 22, 2024
Records Affected	100 million

UnitedHealth Group, the parent company of Change Healthcare, confirmed one of the largest healthcare data breaches in U.S. history in 2024. The ALPHV/BlackCat ransomware attack on its Change Healthcare subsidiary affected over 100 million individuals and disrupted healthcare operations nationwide.

What Happened

On February 21, 2024, the ALPHV/BlackCat ransomware group attacked Change Healthcare, a key healthcare payment processing subsidiary of UnitedHealth Group. Attackers gained entry through a Citrix remote access portal using stolen credentials that lacked multi-factor authentication. The attack shut down Change Healthcare's systems for weeks, disrupting pharmacy operations, insurance claims processing, and provider payments across the U.S. healthcare system. UnitedHealth Group CEO Andrew Witty confirmed a $22 million ransom payment. The company estimated the total cost of the breach at over $870 million.

What Data Was Exposed

Social Security numbers
Health insurance information and policy numbers
Medical records and diagnoses
Billing and claims data
Banking and payment information
Personal identifiers (names, addresses, dates of birth)

Who Is Affected

Over 100 million Americans whose data was processed through Change Healthcare's systems. This includes patients, healthcare providers, pharmacies, and insurers across the entire U.S. healthcare ecosystem. About one-third of all Americans may have been affected.

How to Check If You Were Affected

UnitedHealth Group began notifying affected individuals in late 2024 via mail. Visit changehealthcaresupport.com for information and to check your status. You can also call the dedicated support line at 1-866-262-5342. Contact your healthcare provider or insurer to ask if they used Change Healthcare for claims processing.

What You Should Do Now

Enroll in the free identity monitoring services offered by UnitedHealth Group
Place a credit freeze with all three major credit bureaus
Monitor your health insurance Explanation of Benefits for unauthorized claims
Report suspicious medical bills to your insurance provider
File a complaint with HHS Office for Civil Rights if your data was misused
Watch for medical identity theft attempts
Consider placing a fraud alert on your credit file

Last updated: February 10, 2026