How the ransomware attack at Change Healthcare went down: A timeline | TechCrunch

A February 2024 cyberattack on Change Healthcare stands as the largest data breach of health and medical data in U.S. history.

Change Healthcare processes billing and insurance for hundreds of thousands of hospitals, pharmacies and medical practices.

The company confirmed in January 2025 that its data breach affects approximately 190 million people in America , almost double the company's previous estimate.

Change Healthcare received a “safe” copy of the stolen data that it had just days earlier paid $22 million for.

U.S. government offered $10 million for information leading to ALPHV/BlackCat's capture.

Change Healthcare began poring through the dataset to determine whose information was stolen in the cyberattack.

U.S. Department of Health and Human Services said affected healthcare providers can ask UnitedHealth to notify affected patients.

Change Healthcare began notifying those whose healthcare data was stolen in its ransomware attack on a rolling basis in late July .

The state of Nebraska filed a lawsuit against Change Healthcare in December , accusing the health tech giant of security failings that led to the massive breach.