// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRC-newsDTG 0600Z
ColdRecon / Breach Radar / UnitedHealth Group
Breach Record

UnitedHealth Group

DISCLOSED 2024-02-21 · STOLEN CREDS · RANSOMWARE

UnitedHealth Group confirmed that personally identifiable information (PII) and protected health information (PHI) were exposed in the February 2024 ransomware attack on its subsidiary Change Healthcare. The attack was carried out by the ALPHV/BlackCat ransomware group, which gained access via stolen credentials on a Citrix portal that lacked multi-factor authentication....

The record

What we know

Disclosed
2024-02-21
Attack vector
Stolen Creds
Sector
Healthcare
Country
US
Domain
unitedhealthgroup.com
Data classes exposed
PIIPHI
RANSOMWARE ENDPOINT INVOLVED
ColdRecon assessment

Could a positive-security control have prevented this?

Verdict · would prevent · opinion

A positive-security model that enforces known-good application states and rejects unauthorized changes would likely have blocked the ransomware deployment, as it would prevent the execution of unauthorized encryption processes and lateral movement tools, even if initial access was gained via stolen credentials.

Our assessments are opinion, grounded in the cited public facts. Read them critically.

Sources

Cited reporting

Similar vector · recent

Other stolen creds breaches on file

This page is the permanent ColdRecon entry for the UnitedHealth Group disclosure. It updates if new public reporting emerges. All tracked breaches →

UnitedHealth Group just lived through this. Your next prospect doesn't have to.

ColdRecon turns every disclosed breach into a daily intelligence brief from the seller's seat — normalized to the factors that move a deal, written in the Handler's voice. Request clearance and the first lands tomorrow at 0600.

Request Clearance →