Checklist 409: Change Healthcare’s Strange and Changing Story

Change Healthcare Data Breach Affects 190 Million, Nearly Twice Initial Estimates

The number of people affected by the Change Healthcare data breach has surged to 190 million, nearly double the 100 million previously reported, according to UnitedHealth Group. The breach, initially disclosed in early 2024, exposed sensitive personal and health information, making it one of the largest healthcare-related cyberattacks in U.S. history.

A Timeline of Changing Numbers

In April 2024, UnitedHealth initially estimated that hackers had accessed data on a “substantial proportion of people in America,” with early speculation suggesting as many as 170 million individuals could be affected. By October, the company revised the estimate to 100 million, only for a January 2025 update to push the number to 190 million.

Despite these shifts, a UnitedHealth spokesperson stated that the “vast majority” of affected individuals have been notified, though final numbers are still pending confirmation with the Office for Civil Rights.

How the Attack Happened

According to TechCrunch, attackers exploited a stolen account credential that lacked multi-factor authentication to gain access to Change Healthcare’s systems. The breach compromised a vast range of sensitive data, including:

• Personal details: Names, addresses, phone numbers, dates of birth, email addresses
• Financial data: Banking details and Social Security numbers
• Government IDs: Driver’s licenses, passports
• Medical information: Diagnoses, test results, medications, and insurance details

UnitedHealth maintains that there is no evidence of misuse of the stolen data, though critics question the company’s cybersecurity preparedness.

Did UnitedHealth Try to Hide the Breach Notice?

Further controversy surrounds UnitedHealth’s handling of public disclosures. A TechCrunch investigation found that Change Healthcare had embedded “noindex” code in its breach notification webpage, preventing it from appearing in search engine results. This code had reportedly been in place since at least November 2024, making it harder for individuals to find critical information.

UnitedHealth did not comment on why the page was hidden, but it has since stated that it had “substantially completed” the notification process. However, some affected individuals—particularly those without updated addresses on file—may not have received direct notice.

Resources for Affected Individuals

Change Healthcare had initially provided a website, ChangeCyberSupport.com, and a helpline (866-262-5342) for those seeking more information. However, questions remain about how many affected individuals were successfully reached.

As the final numbers are still being confirmed, this breach remains one of the most significant cybersecurity failures in the healthcare sector. Regulators and affected individuals are now awaiting further accountability from UnitedHealth and Change Healthcare.

Apple Releases 240 Security Fixes, Including Patches for Actively Exploited Vulnerability

Apple has rolled out a sweeping set of security updates, addressing 240 vulnerabilities across all of its major operating systems, including macOS, iOS, iPadOS, watchOS, tvOS, and visionOS. Older macOS versions also received a Safari update with additional patches.

Breaking Down the Updates

Apple’s latest security patches include:

• macOS: 125 fixes across Sequoia 15.3 (57), Sonoma 14.7.3 (38), and Ventura 13.7.3 (30)
• iOS & iPadOS: 25 fixes for iOS 18.3, 25 for iPadOS 18.3, and 13 for iPadOS 17.7.4
• watchOS & tvOS: 14 fixes each for watchOS 11.3 and tvOS 18.3
• visionOS: 17 security fixes for visionOS 2.3
• Safari: 7 security patches in Safari 18.3 for older macOS versions

A Critical CoreMedia Vulnerability

Among the updates, six security patches stand out due to active exploitation concerns. Apple’s security notes indicate a CoreMedia vulnerability that “may have been actively exploited against versions of iOS before iOS 17.2.” The issue impacts iOS, iPadOS, macOS, watchOS, tvOS, and visionOS, reinforcing how Apple’s software ecosystems share core components.

Interestingly, while newer versions were patched, macOS Sonoma, Ventura, and iPadOS 17.7.4 did not receive the fix—raising questions about whether they were ever vulnerable. SecureMac CTO Israel Torres explained that changes in Apple’s code structure over time may have inadvertently fixed and then reintroduced the vulnerability, depending on how different OS versions evolved. However, without deeper internal knowledge of Apple’s security architecture, the exact reason remains uncertain.

Time to Update

Even without the actively exploited CoreMedia vulnerability, Apple’s 234 other security fixes highlight the importance of staying up to date. Both Apple and security experts at SecureMac strongly recommend updating all Apple devices to the latest available software versions.