Ransomware

Magellan Health Ransomware Attack (365K Patients)

2020-04-11
Incident Details

Magellan Health, one of the largest managed care companies in the United States (specializing in behavioral health and pharmacy benefits), disclosed in May 2020 that it suffered a ransomware attack on April 11, 2020. Attackers gained initial access via a spear-phishing email impersonating a Magellan Health client, planted malware to exfiltrate data, then deployed ransomware. Approximately 365,000 individuals were affected. The exfiltrated data included names, addresses, employee ID numbers, W-2 information (Social Security numbers, employee ID numbers and income information), and some treatment/health information. Magellan serves approximately 42 million people across the US through behavioral health, specialty health, and pharmacy benefit management services. The attack occurred during the height of the COVID-19 pandemic, when healthcare organizations faced heightened cyber threats. Magellan was acquired by Centene Corporation in 2022.

Technical Details

Initial Attack Vector
Attackers sent a spear-phishing email impersonating a Magellan Health client and gained access to a corporate server. They exfiltrated data, then deployed ransomware.

Timeline

  1. 2020-04-11 Breach occurred
  2. 2020-05-12 Publicly disclosed
  3. 2020-06-12 Customers notified