UnitedHealth gave hackers easy access to Change data, new lawsuit claims - Insurance News | InsuranceNewsNet

InsuranceNewsNet — Your Industry. One Source.™

Sign in
  • Subscribe
  • About
  • Advertise
  • Contact
Home Now reading Top Stories
Topics
    • Advisor News
    • Annuity Index
    • Annuity News
    • Companies
    • Earnings
    • Fiduciary
    • From the Field: Expert Insights
    • Health/Employee Benefits
    • Insurance & Financial Fraud
    • INN Magazine
    • Insiders Only
    • Life Insurance News
    • Newswires
    • Property and Casualty
    • Regulation News
    • Sponsored Articles
    • Washington Wire
    • Videos
    • ———
    • About
    • Meet our Editorial Staff
    • Advertise
    • Contact
    • Newsletters
  • Exclusives
  • NewsWires
  • Magazine
  • Newsletters
Sign in or register to be an INNsider.
  • AdvisorNews
  • Annuity News
  • Companies
  • Earnings
  • Fiduciary
  • Health/Employee Benefits
  • Insurance & Financial Fraud
  • INN Exclusives
  • INN Magazine
  • Insurtech
  • Life Insurance News
  • Newswires
  • Property and Casualty
  • Regulation News
  • Sponsored Articles
  • Video
  • Washington Wire
  • Life Insurance
  • Annuities
  • Advisor
  • Health/Benefits
  • Property & Casualty
  • Insurtech
  • About
  • Advertise
  • Contact
  • Editorial Staff

Get Social

  • Facebook
  • X
  • LinkedIn
Health/Employee Benefits News
Top Stories RSS Get our newsletter
Order Prints
January 24, 2025 Top Stories
Share
Share
Post
Email

UnitedHealth gave hackers easy access to Change data, new lawsuit claims

Image shows the Change Healthcare logo and a UnitedHealthcare sign.
A group of 65 plaintiffs say they have suffered since the Change Healthcare data breach one year ago.
By John Hilton

A group of 65 plaintiffs are suing UnitedHealth Group, claiming that “massive security failures” led to the 2024 Change Healthcare data breach.

Optum, Inc. and Change are also named as defendants in the class-action lawsuit filed last week in U.S District Court for the District of Minnesota. Change announced last week that its review of the impacted data is "substantially complete."

“Had Defendants employed basic, long-established, and recommended security tools, the Data Breach should have been easily thwarted,” the lawsuit states. However, Change Healthcare’s remote access portal “did not have multi-factor authentication.”

As a result, hackers “had virtually no roadblocks in gaining access to the large quantities of Personal Information,” the lawsuit claims.

“We believe this lawsuit is baseless and we intend to defend ourselves vigorously,” a spokesperson for Optum said. A subsidiary of UnitedHealth Group, Optum functions as the health services and innovation arm of the company.

The 365-page includes extensive summaries of the impact on each of the plaintiffs, with repeated instances of fraudulent activity, hours spent on the phone with credit agencies and a significant increase in spam emails and scam attempts.

Plaintiffs come from all regions of the United States, including Hawaii and Alaska. Only one plaintiff is unnamed, a Chicago man who is HIV positive, and “deeply concerned about the release of this information against his consent and is particularly worried about the potential impact on his employment prospects and his relationships in his community,” the lawsuit states.

Plaintiffs are asking for compensatory and other damages, and for UnitedHealth to pay for a minimum of five years of credit-monitoring services for the entire class.

“Both before and after the Data Breach, Defendants repeatedly put their interests above those of the impacted patients,” the lawsuit says. “However, Defendants owed duties to Plaintiffs and Class members to implement and maintain reasonable and adequate security measures to secure, protect, and safeguard their Personal Information against unauthorized access and disclosure.”

Massive data breach

On Feb. 11, 2024, an affiliate of the BlackCat/ALPHV ransomware group gained access to the Change Healthcare network, and spent nine days inside the network stealing data before they used ransomware to encrypt files.

Change paid a $22 million ransom in bitcoin to prevent the publication of the stolen data. The ransomware group, however, reneged on the deal with Change to destroy the stolen data files, and retained the stolen data. The personal, health, and financial information of an estimated 100 million individuals was stolen in the attack.

Another ransomware group, RansomHub, confirmed that it possessed four terabytes of stolen data from the Change data breach and posted screenshots of the data on its dark web ransomware site, the lawsuit says.

“The hackers continue to attempt to extort Defendants out of additional ransom payments,” the lawsuit says. “Now that Defendants have recovered their own copies of the data allowing them to continue to monetize it, however, they appear less eager to pay any further ransom.”

UnitedHealth had more than 152 million customers at the time of the Feb. 17-20 data breach, which means about 45% of Americans have been affected. Multiple lawsuits have been filed against Change Healthcare, Optum Inc., and UnitedHealth Group, including one by the state of Nebraska.

During a conference call earlier this month, UnitedHealth Group executives cited the ransomware attack as a costly drain on revenues. The total cost of the response is now predicted to be between $2.3 billion and $2.45 billion, The HIPPA Journal recently reported.

The 65 plaintiffs fault UnitedHealth for paying the ransom, saying it “did nothing” to benefit affected victims.

“Defendants’ decision to pay a ransom runs counter to law enforcement’s recommendations, as nothing requires the hackers to keep their word that they will destroy the data after payment—and they often do not.”

Shareholder lawsuit

UnitedHealth is dealing with unhappy shareholders as well. The City of Hollywood Firefighters’ Pension Fund is the lead plaintiff in a class-action lawsuit claiming that UnitedHealth executives hid the notice of a Department of Justice investigation.

On Oct. 10, 2023, UnitedHealth received notice that the DOJ had launched a “non-public antitrust investigation into the company,” the lawsuit states.

“Concealing this material information from investors and the public, UnitedHealth chairman Stephen J. Hemsley and several other senior executives immediately took action – selling more than $100 million of their UnitedHealth stock at artificially inflated prices as the market and other investors remained unaware of the new federal antitrust investigation,” the lawsuit claims.

When the Wall Street Journal exposed the investigation in a Feb. 27, 2024 article, the price of UnitedHealth stock declined over $27 per share, falling from $525.32 per share on Feb. 26, 2024 to $498.28 on Feb. 28, 2024, the lawsuit notes.

© Entire contents copyright 2025 by InsuranceNewsNet.com Inc. All rights reserved. No part of this article may be reprinted without the expressed written consent from InsuranceNewsNet.com.

John Hilton

InsuranceNewsNet Senior Editor John Hilton has covered business and other beats in more than 20 years of daily journalism. John may be reached at [email protected]. Follow him on Twitter @INNJohnH.

Older

Is technophobia costing RIAs millions in passive SEO leads?

Newer

BetterLife, CSA merger brings organizations with Czech-Slovak roots together

Advisor News

  • The overlooked retirement security risk that must be addressed
  • What advisors should know about hedge funds in retirement planning
  • Retirement control is top success measure for middle class, ACLI says
  • Industry groups applaud House passage of Financial Exploitation Prevention Act
  • Younger workers more likely to be eligible for a retirement plan after changing jobs
More Advisor News

Annuity News

  • Malibu Life Holdings Completes Acquisition of TruSpire, Establishing Malibu USA and Accelerating Entry into the U.S. Retail Annuity Market
  • Why job boards are failing insurance agencies
  • MassMutual Ranks No. 100 on the 2026 Fortune 500® List
  • What’s fueling record annuity growth?
  • Jackson Named InvestmentNews 2026 Annuities Provider of the Year
More Annuity News

Health/Employee Benefits News

  • Reports from Capital One AG Describe Recent Advances in Managed Care (Factors Affecting Medical Appointment Adherence among Adolescents and Young Adults with Kidney Disease: A Longitudinal Cohort Study): Managed Care
  • Studies from University of Alabama Further Understanding of Neurology (Understanding stroke caregiving in rural contexts: a qualitative study of family caregivers’ cultural values, coping behaviors, and technology use): Health and Medicine – Neurology
  • New state law will create more transparency of dental insurance benefits
  • Rob Sand pledges to reverse Iowa Medicaid privatization
  • Millions drop ACA coverage amid price jump
More Health/Employee Benefits News

Life Insurance News

  • NAIFA praises House committee approval of Clarity for Compensation Act
  • PHL Variable liquidation pushed out to 2027, Connecticut regulators say
  • ‘Recession-Proof’ Insurance Is Trending. Safety Net or Scam?
  • Winged Keel Group Expands National Presence and PPLI Leadership, Welcomes SBSI, Inc. (dba NFP Insurance Solutions)
  • MassMutual Ranks No. 100 on the 2026 Fortune 500® List
More Life Insurance News

NEWS INSIDE

  • Companies
  • Earnings
  • Economic News
  • INN Magazine
  • Insurtech News
  • Newswires Feed
  • Regulation News
  • Washington Wire
  • Videos

FEATURED OFFERS

Life moves fast. Your BGA should, too.
Stay ahead with Modern Life's AI-powered tech and expert support.

A MYGA for Clients Hesitant to Commit to One Long-Term Rate
First-year certainty. Annual rate updates. Get the CurrentRate® MYGA Sales Kit.

Elite Networking & Insights Await at the Event of the Year
The industry's premier conference for leaders driving what’s next in financial services.

Press Releases

  • Prosperity Life GroupSM Launches Prosperity PathWaySM Series, Bringing Greater Choice and Flexibility to Retirement Income Planning
  • Senior Market Sales® Fortifies Annuity Reach With Acquisition of Retirement Planning Firm Stratton & Company
  • RFP #T01625
  • Rockwood Programs Appoints Kerry Ladouceur as Vice President, Financial Lines
  • JP Insurance Group Launches Commercial Property & Casualty Division; Appoints Joe Webster as Managing Director
More Press Releases > Add Your Press Release >

How to Write For InsuranceNewsNet

Find out how you can submit content for publishing on our website.
View Guidelines

Topics

  • Advisor News
  • Annuity Index
  • Annuity News
  • Companies
  • Earnings
  • Fiduciary
  • From the Field: Expert Insights
  • Health/Employee Benefits
  • Insurance & Financial Fraud
  • INN Magazine
  • Insiders Only
  • Life Insurance News
  • Newswires
  • Property and Casualty
  • Regulation News
  • Sponsored Articles
  • Washington Wire
  • Videos
  • ———
  • About
  • Meet our Editorial Staff
  • Advertise
  • Contact
  • Newsletters

Top Sections

  • AdvisorNews
  • Annuity News
  • Health/Employee Benefits News
  • InsuranceNewsNet Magazine
  • Life Insurance News
  • Property and Casualty News
  • Washington Wire

Our Company

  • About
  • Advertise
  • Contact
  • Meet our Editorial Staff
  • Magazine Subscription
  • Write for INN

Sign up for our FREE e-Newsletter!

Get breaking news, exclusive stories, and money- making insights straight into your inbox.

select Newsletter Options
Facebook Linkedin Twitter
© 2026 InsuranceNewsNet.com, Inc. All rights reserved.
  • Terms & Conditions
  • Privacy Policy
  • InsuranceNewsNet Magazine

Sign in with your Insider Pro Account

Not registered? Become an Insider Pro.
Insurance News | InsuranceNewsNet