You need to understand that the Internet was NEVER designed for the exchange and storage of sensitive personal information.

It’s kind of like a yacht was only ever designed to go on WATER. No matter how hard you try, you will NEVER make it go on dry land.

Surely this is not rocket science?

Even if you haven't interacted with UnitedHealth, there's a good chance Change still handled your data, thanks to its size — in large part thanks to unchecked corporate consolidation over the years.

Per its HIPAA notice, the stolen data includes patients' health data, billing and insurance information, diagnoses, medications, test results, and more.

All the while, UnitedHealth made $400 billion (yes, with a b) in revenue in 2024 — but couldn't seem to bother with basic cybersecurity practices, like MFA.

Until executives of these companies are held personally liable and start going to jail for a looooong time (or worse), there is no incentive to do better…