The Change Healthcare cyber attack, one of the largest healthcare data breaches in history, disrupted the U.S. healthcare system in 2024.
As of June 28, 2025, recovery efforts continue, with significant updates on the Change Healthcare cyber attack update today. This article explores the incident, its impact, and ongoing efforts to address it.
What Happened in the Change Healthcare Cyber Attack?
On February 21, 2024, Change Healthcare, a subsidiary of UnitedHealth Group, detected a ransomware attack.
The attack, led by the ALPHV/BlackCat gang, encrypted systems and stole sensitive data. It affected billing, claims, and patient care across the U.S.
The breach compromised the data of approximately 190 million people. Change Healthcare processes 15 billion transactions annually, touching one in three patient records. The attack disrupted hospitals, pharmacies, and providers nationwide.
Immediate Impact on Healthcare Providers
The cyber attack halted critical operations like claims processing and prior authorizations. Hospitals reported delays in patient care and billing. A March 2024 survey by the American Hospital Association found 94% of hospitals faced financial impacts.
Providers lost an estimated $6.3 billion in claims in the first three weeks. Smaller practices struggled with cash flow, risking closure. Pharmacies faced delays in filling prescriptions, affecting patient access.
Key Impacts on Providers
- Financial Losses: 33% of hospitals reported over half their revenue disrupted.
- Patient Care Delays: 74% of hospitals noted impacts on direct patient care.
- Operational Challenges: Recovery took weeks to months for many providers.
- Cash Flow Issues: Small practices faced severe financial strain.
These effects highlighted the healthcare system’s reliance on Change Healthcare. The attack exposed vulnerabilities in third-party vendors. Providers scrambled to find workarounds to maintain operations.
Financial Toll on UnitedHealth Group
The Change Healthcare cyber attack update today reveals a significant financial hit. UnitedHealth Group reported $3.1 billion in costs for 2024, including $1.7 billion in direct response expenses. This exceeded initial estimates of $2.3–$2.45 billion.
UnitedHealth paid a $22 million ransom to ALPHV/BlackCat to protect stolen data. Despite this, another group, RansomHub, later demanded payment, claiming to hold the data. The financial burden continues to affect the company’s bottom line.
Cost Breakdown (2024)
| Category | Amount |
|---|---|
| Direct Response Costs | $1.7 billion |
| Total Cyber Attack Impacts | $3.1 billion |
| Ransom Payment | $22 million |
| Revenue Increase (Year-over-Year) | $8.5 billion |
This table shows the attack’s financial scale. Despite revenue growth, the costs strained UnitedHealth’s profits. The company continues to support affected providers through funding programs.
Data Breach and Notifications
The attack exposed sensitive data, including personal and health information. By January 2025, Change Healthcare estimated 190 million people were affected, nearly double the initial 100 million estimate. This makes it the largest healthcare data breach reported to federal regulators.
Notifications began in June 2024, with letters sent to affected individuals by late July. As of January 2025, approximately 130 million notices were mailed. Change Healthcare offers free credit monitoring to those impacted.
Regulatory and Legal Responses
The Department of Health and Human Services (HHS) launched an investigation in March 2024. It focused on whether Change Healthcare and UnitedHealth complied with HIPAA rules. The Office for Civil Rights (OCR) oversees the probe, emphasizing breach reporting.
Over 50 lawsuits were consolidated in Minnesota, targeting UnitedHealth for failing to protect data. A hearing is scheduled for June 12, 2025. Lawmakers have called for stronger cybersecurity regulations to prevent future attacks.
Government Actions
The federal government took steps to mitigate the attack’s impact. CMS extended the 2023 MIPS data submission deadline to April 15, 2024. It also offered advance payments to providers facing cash flow issues.
HHS urged UnitedHealth to expedite notifications and support providers. A December 2024 proposed HIPAA Security Rule update mandates stronger protections, like multifactor authentication (MFA). Public comments on the rule are open until March 7, 2025.
Cybersecurity Lessons Learned
The Change Healthcare cyber attack update today underscores critical cybersecurity gaps. The breach occurred due to a lack of multifactor authentication on a Citrix remote access server. UnitedHealth CEO Andrew Witty admitted this oversight in a May 2024 Senate hearing.
The attack highlighted the healthcare system’s reliance on single vendors. Experts call for better vendor redundancy and resiliency planning. Hospitals are now focusing on clinical continuity during outages.
Steps to Improve Cybersecurity
- Implement MFA: Multifactor authentication is now a standard at UnitedHealth.
- Vendor Redundancy: Providers are urged to diversify third-party vendors.
- Resiliency Planning: Hospitals are preparing for prolonged outages.
- Regulatory Updates: Proposed HIPAA rules aim to enforce stricter controls.
These measures aim to prevent similar incidents. Smaller providers, however, worry about the cost of new mandates. The industry is rethinking its approach to cybersecurity.
Provider Recovery Efforts
Providers faced months of recovery after the attack. Change Healthcare restored its electronic payments platform by March 15, 2024. Medical claims software resumed testing by March 18, 2024.
UnitedHealth offered a Temporary Funding Assistance Program to help providers. However, the American Medical Association criticized its strict repayment terms. Smaller practices still struggle with lost revenue.
Public and Industry Reaction
The attack sparked outrage among providers and patients. Social media posts in 2024 highlighted delays in care and billing. The American Hospital Association called it the most significant cyber attack in U.S. healthcare history.
Lawmakers, including Sen. Ron Wyden, criticized the industry’s self-regulation. They argue it leaves healthcare vulnerable to hackers. The attack has fueled calls for federal cybersecurity reforms.
Ongoing Challenges in 2025
As of June 28, 2025, the Change Healthcare cyber attack update today shows lingering effects. Some providers still face delays in claims processing. Smaller practices report ongoing financial strain.
UnitedHealth continues to notify affected individuals, with mailing ongoing. The company claims no misuse of stolen data has been identified. However, the scale of the breach remains a concern.
UnitedHealth’s Response Strategy
UnitedHealth has taken steps to address the attack’s fallout. It launched a provider portal to share updates on claims and prior authorizations. The company also suspended some Medicare Advantage prior authorizations in 2024.
Change Healthcare’s investigation is nearly complete, with no additional affected customers expected. The company is working with regulators to finalize breach reports. Free credit monitoring remains available for impacted individuals.
Future Implications for Healthcare
The Change Healthcare cyber attack update today highlights the need for stronger cybersecurity. The industry’s reliance on third-party vendors poses risks. Hospitals are now prioritizing emergency preparedness and vendor diversification.
Proposed regulations may mandate stricter security controls. However, smaller providers worry about compliance costs. The attack has reshaped how healthcare approaches data protection.
Summary
The Change Healthcare cyber attack, starting February 21, 2024, disrupted U.S. healthcare, affecting 190 million people. It caused financial losses, care delays, and a $3.1 billion hit to UnitedHealth Group.
The Change Healthcare cyber attack update today shows ongoing recovery efforts, with notifications nearly complete. Providers face challenges, but new cybersecurity measures and regulations aim to prevent future breaches.
FAQ
What caused the Change Healthcare cyber attack?
The attack, led by the ALPHV/BlackCat gang, exploited a lack of multifactor authentication. It encrypted systems and stole data, impacting 190 million people. Change Healthcare shut down systems to limit further damage.
How did the attack affect healthcare providers?
Providers faced delays in claims, billing, and patient care. A survey showed 94% of hospitals had financial impacts, with $6.3 billion in lost claims. Smaller practices struggled with cash flow.
What is the latest Change Healthcare cyber attack update today?
As of June 28, 2025, Change Healthcare has notified 130 million individuals. The company estimates 190 million were affected, with no misuse reported. Recovery and notifications continue.
What steps is UnitedHealth taking to recover?
UnitedHealth restored key systems by March 2024 and offers credit monitoring. It launched a funding program for providers but faced criticism for repayment terms. The company is improving cybersecurity.
Are there new regulations after the attack?
HHS proposed updates to the HIPAA Security Rule in December 2024. These mandate multifactor authentication and encryption. Public comments are open until March 7, 2025.