(Reuters) – The February hack at UnitedHealth’s tech unit Change affected the personal information of 100 million people, the U.S. health department’s website showed, making it the largest healthcare data breach in the country.
UnitedHealth has previously said that hackers potentially stole a third of Americans’ data in one of the worst hacks to hit the U.S. healthcare sector. The company began notifying affected patients in June.
UnitedHealth did not immediately respond to a Reuters request for comment.
The number of impacted people was posted on a list of data breaches maintained by the U.S. Department of Health & Human Services’ office for civil rights.
A breach at the health insurer Anthem — now known as Elevance Health — in 2015 impacted nearly 79 million people in the U.S.
The Change unit was breached by a hacking group called ALPHV, also known as “BlackCat.” UnitedHealth first reported the breach on Feb. 21.
The breach caused widespread disruptions in claims processing, impacting patients and providers across the country.
In June, UnitedHealth issued a public notice about the ransomware hack as part of its requirements to notify the estimated one-third of the country whose private data may have been exposed in the attack.
At the time, the company said that while it cannot confirm the nature of data affected by the breach, it could include health insurance member IDs, patient diagnoses, treatment information and social security numbers, as well as billing codes used by providers.
Earlier this month, the company forecast a business disruption impact of $705 million this year from the hack that caused massive payment and other disruptions across the U.S. UnitedHealth issued billions of dollars in loans to providers affected by the hack and incurred costs related to notifying customers of the breach.
(Reporting by Manas Mishra and Mariam Sunny in Bengaluru; Editing by Alan Barona)