The Digital Pandemic: The Largest Breach of Healthcare Data in US History and Why It Matters to You

With your ‘digital shadow’ growing by the second in this age of cybercrime after cybercrime, it’s no wonder that February’s announcement of the UnitedHealth data breach, which resulted in the information of more than 100 million Americans being leaked, caused a sensation. Not only does it mark the largest cyber-attack on a healthcare provider to date – but it also highlights that your identity online may be more vulnerable than you once thought.

THE UNPRECEDENTED SCALE OF IMPACT

The intrusion, instigated by a group of hackers known as ALPHV (formerly known as BlackCat), targeted the payment processing system of Change Healthcare, a subsidiary of the UnitedHealth Group. Because UnitedHealth Change Healthcare operated a so-called ‘first-party’ payment platform – meaning it was paid by both the insured and the medical service provider, rather than a ‘third-party’ insurer – the company was undoubtedly collecting vast amounts of personal data. On 24 October, the total number of impacted individuals became apparent when the U.S. Department of Health and Human Services Office for Civil Rights updated its data breach portal.

THE FALLOUT BEYOND THE INDIVIDUAL

But the transgression has implications far beyond the privacy of any individual patient or family. Healthcare breaches threatened the privacy of family members, placing entire families at heightened risk meanwhile, insecure medical records and personal financial information have highlighted the vulnerability of personal information in the connected healthcare environment.

A DESPERATE BID FOR RECOVERY

In the aftermath of the breakthrough, UnitedHealth reportedly paid a staggering $22 million to hackers in an attempt to bribe them into returning the stolen data, before the criminals changed their minds and refused to provide the medical information of millions of US citizens. The episode not only shows the dangers of discussing business proposals with professional crooks, but also the determined efforts of besieged institutions to safeguard patient records.

THE ONGOING BATTLE AGAINST CYBER THREATS

While UnitedHealth meets with the affected, and works to strengthen its cybersecurity measures, the incident is another very real reminder of the modern power of these digital threats. And after all of that, the question remains – can any healthcare provider ever truly protect us from these kinds of attacks?

STEPS TO SAFEGUARD YOUR DIGITAL HEALTH

If you’re one of the 80 million Americans whose Social Security numbers were leaked by UnitedHealth, now is the time to take proactive steps to protect your information by watching bank statements and credit-card statements, requesting a credit freeze, and being vigilant about being billed for medical care. There’s no way to know if or when these breaches will be used against you, but you can minimise the risk by being proactive.

UNDERSTANDING STATUS IN THE WAKE OF THE UNITEDHEALTH BREACH

Status. The word evokes images of standing, either social or vocational. But in the wake of UnitedHealth’s data breach, status is something else entirely: a symptom of having been made more or less vulnerable, by an unprecedented digital disaster. Status is the position, then, of the 100 million Americans who find that their personal information is or isn’t compromised. In the aftermath of the attack, as people assess their status (compromised, possibly compromised, secure) the incident becomes one of several threads in an extended conversation about privacy, cybersecurity and trust in our digital healthcare infrastructure.

CONCLUSION

The UnitedHealth breach in February is a watershed moment in healthcare digital security, because of its size and complexity, but also as a parable of harm and difficulty. And this is the largest healthcare data breach in US history: its effect on individual and family privacy is a stark example of how badly the future needs robust cybersecurity as well as conscientious management of our personal data. Be it true or false, the question of whether their data is now out there or safe remains a matter of great concern for millions of people.