Ransomware victim disclosure
← All victimsChange Healthcare (Optum/UnitedHealth Group)
listed as Change Healthcare - Optum - UnitedHealth · Claimed by ALPHV/BlackCat · listed 2 years ago
Status timeline
- ListedFeb 28, 2024
- Data leakeddate unknown
At a glance
- Group
- ALPHV/BlackCat
- Status
- Data leaked
- Country
- United States
- Sector
- Healthcare
- Listed on leak site
- Feb 28, 2024
About the victim
AI dossier — public-source company profileChange Healthcare is a major healthcare IT and services company operating under Optum (a UnitedHealth Group subsidiary). It serves payers, providers, employers, government agencies, and life sciences manufacturers across the U.S. healthcare system, supporting 8 out of 10 health plans, hospitals, and Fortune 100 employers.
- Industry
- Healthcare Technology & Services
Attack summary
Severity: critical — Change Healthcare is a major healthcare infrastructure provider serving millions of patients, health plans, and providers across the U.S. Confirmed data exfiltration by ALPHV of this scale affects regulated healthcare information at national scope, including PII, medical records, and claims data across multiple sectors.The ALPHV ransomware group claims to have compromised Change Healthcare. Disclosed status indicates data has been published, though the specific leak post content was not captured in this submission.
Data the group says was taken
AI dossier — extracted from the leak post- Health plan member data
- Provider records
- Claims information
- Pharmacy data
- Prior authorization records
- Employer benefit information
- Government healthcare program data
Sources
Source
Indexed 2 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

