The full scope of the data breach unfolded only in January 2025, almost a year after the attack occurred, when UnitedHealth confirmed the breach affected approximately 190 million people — more than half of the US population, making it the largest healthcare data breach in US history.

Top Detected TTPs of 2024

Three of the top MITRE ATT&CK TTPs detected throughout 2024 — Exploitation for Client Execution (T1203), Valid Accounts (T1078) and Exploit Public-Facing Application (T1190) — illustrate the popularity of two attack vectors: vulnerability exploitation and stolen access credentials. Exploitation of unpatched software vulnerabilities, abuse of compromised credentials and leveraging flaws or misconfigurations in internet-exposed systems provide attackers with entry points. Once they gain an initial foothold, they can perform a range of additional malicious actions. The Change Healthcare attack discussed above, for example, shows how the abuse of stolen access credentials to a valid account eventually resulted in the largest healthcare data breach in the US.

ID      Technique                           Share    Count
T1071   Application Layer Protocol          28.68%   731
T1566   Phishing                            18.97%   483
T1203   Exploitation for Client Execution   18.60%   474
T1078   Valid Accounts                      17.22%   439
T1190   Exploit Public-Facing Application   16.56%   422

Top 10 Targeted Locations in 2024

United States    331
United Kingdom   88
Europe           65
China            63
Germany          61
Ukraine          60
Canada           54
India            54
France           53
Russia           52