A massive ransomware attack on Change Healthcare, a health tech company owned by UnitedHealth Group (UHG), has resulted in the theft of over 100 million individuals' private health information. This is the largest known digital theft of US medical records, with far-reaching consequences for the millions of Americans affected.

The attack, which occurred in February, caused widespread disruption across the US healthcare sector, with outages lasting for months. The stolen data includes sensitive information such as names, addresses, dates of birth, phone numbers, email addresses, government identity documents, diagnoses, medications, test results, and health insurance information.

The cyberattack was attributed to ALPHV/BlackCat, a Russian-speaking ransomware and extortion gang, which later took credit for the attack. The gang absconded with a $22 million ransom paid by UHG, but there is no evidence that the data was deleted. In fact, the contractors who carried out the hacking formed a new group and extorted a second ransom from UHG, publishing a portion of the stolen files online to prove their threat.

The incident has raised serious concerns about corporate consolidation and poor security practices. Lawmakers are investigating the breach, and the US State Department has increased its reward for information on the whereabouts of the ALPHV/BlackCat cybercriminals to $10 million.

The attack highlights the importance of robust cybersecurity measures, including multi-factor authentication (MFA), to protect sensitive data. Change Healthcare's failure to implement MFA allowed the ransomware gang to gain access to its network using stolen credentials.

The incident serves as a wake-up call for the healthcare tech industry, which handles vast amounts of sensitive data. It also underscores the need for stricter regulations and oversight to prevent such breaches in the future.