UnitedHealth Breach: What We Now Know, and Why It Matters Beyond Healthcare

On August 14, 2025, the U.S. Department of Health and Human Services confirmed the scope of the February 2024 cyberattack on UnitedHealth Group’s tech unit, Change Healthcare. About 192.7 million individuals were affected, making this the largest healthcare data breach in U.S. history. Exposed data included insurance IDs, patient diagnoses, treatment records, Social Security numbers, and billing codes.

What Happened

The ransomware group BlackCat, also known as ALPHV, gained access using stolen employee credentials on a Citrix remote-access portal that did not use multi-factor authentication.

The attackers spent nine days inside the systems before deploying ransomware on February 21, 2024. During that time, they stole up to six terabytes of data. UnitedHealth paid 22 million dollars in ransom, expecting the data to be destroyed. Instead, the attackers kept or distributed it, a classic exit scam.

Breaches of This Scale Are No Longer Rare

The UnitedHealth incident is extreme in size but part of a pattern. In the past 18 months:

  • AT&T disclosed two breaches in 2024 that exposed about 182 million call and text records and affected 73 million customers.

  • The MOVEit Transfer exploit in May 2023 impacted over 2,700 organizations and leaked data related to about 93 million individuals.

  • The National Public Data breach in 2024 allegedly exposed billions of records spanning the United States, the United Kingdom, and Canada.

Each event shows that tens or hundreds of millions can be pulled into a breach at once.

What Consumers Can Do

Consumers whose information was exposed did nothing wrong but will bear the consequences. The stolen data can be used for identity theft, medical fraud, account takeovers, or to build synthetic identities.

Steps individuals should consider:

  • Monitor accounts for unusual activity.

  • Watch for phishing attempts that may use details from the breach to look more convincing.

  • Enroll in credit or identity monitoring services to detect suspicious activity quickly.

Why Financial Institutions Should Pay Attention

Significant breaches in healthcare or telecom eventually flow into financial services. When identifiers such as Social Security numbers and addresses are exposed, they are reused to open fraudulent accounts or hijack existing ones.

Banks and credit unions cannot stop breaches at outside firms, but they can position themselves as their customers’ first line of help. Offering identity monitoring, restoration, and proactive fraud alerts gives consumers a place to turn when data leaks they cannot control put them at risk.

The Broader Reality

Nearly every consumer has already had sensitive information compromised somewhere. The question is not if their data will be misused but when. For financial institutions and credit unions, the challenge is deciding whether to react to fraud after the fact or equip customers with protection before it happens.
