The latest tally for the largest-ever health industry data breach just got a lot bigger.

UnitedHealth Group now said hackers stole records of about 190 million people in last February's attack on its Change Healthcare subsidiary. The health care giant's updated figure, disclosed last week, is nearly twice as large as the company's previous estimate of 100 million victims.

The attack on UnitedHealth-owned Change Healthcare disrupted the health-care industry because doctors and hospitals were unable to collect payments for weeks when computer systems went down. But the headache extends to more than 1 in 2 Americans who now must wonder how their compromised records will be used.

These large-scale attacks in which individuals' identification, bank records and health data are exposed remind consumers of the need to stay "hypervigilant," said John Dwyer, director of security research at Stow, Ohio-based Binary Defense, a cybersecurity company.

The treasure trove of information is valuable to scammers who want to open a fraudulent credit card or account in your name.

Need a break? Play the USA TODAY Daily Crossword Puzzle.

"The unfortunate reality of living in the world today is there are sort of certain precautions you need to take to manage your digital risk," Dwyer said.

My health data was compromised in a hack. What should I do?

Companies targeted in hacks typically offer their affected customers free credit monitoring for a period. These services can alert you when bad actors open a fraudulent account with your information.

Beyond signing up for credit monitoring, consumers should take other steps to protect themselves from identify theft, said Chris Pierson, CEO of BlackCloak, an Orlando-based cybersecurity company that specializes in personal digital protection for high-profile clients.

You should contact the three major credit bureaus − Equifax, Experian and TransUnion −and request a freeze on your credit. Such a move would block data thieves from using a name, stolen Social Security number, date of birth or address, to open a new credit card or account.

Also be aware of phishing attacks via text message, email or voice call. Sophisticated attackers might use an individual's sensitive records − date of a hospital or doctor visit for example − in an attempt to extract payment for a phony medical bill, Pierson said.

You also should monitor your bank accounts, health savings accounts or other financial records to guard against unauthorized charges, Pierson said.

"Make yourself more resilient to a type of a scam attack by understanding what tactics these people might take," said Pierson.

What happened in the UnitedHealth attack?

Last February, hackers accessed the computer network of UnitedHealth-owned Change Healthcare in a ransom attack. Change Healthcare is the nation's largest clearinghouse for medical payments.

UnitedHealth said the vast majority of those affected by the data breach have been notified. The final number of people affected by the hack will be confirmed at a later date in a required filing with the U.S.. Department of Health and Human Services Office of Civil Rights, the company said in a statement.

HHS investigates whether breaches involve violations of health information privacy and security laws and publicly reports attacks that affect 500 or more on its website.

"Change Healthcare is not aware of any misuse of individuals’ information as a result of this incident and has not seen electronic medical record databases appear in the data during the analysis," the company said in a statement.

Consumers can access information about credit monitoring and circumstances of the attack at this site, changecybersupport.com.

UnitedHealth said the hackers' haul included customers names, addresses, phone numbers, email addresses or birthdates. Other pilfered records may have included health insurance information, billing claims or health records such as diagnostic codes, medicines, test results, images and treatment information.

After filing a lawsuit against Change Healthcare last December, Nebraska Attorney General Mike Hilgers said the data hack "compromised the most sensitive privacy and financial data of Nebraskans" and shut down health insurance payments to medical providers. Nebraska is the first state to sue the company over the data hack. More than four dozen lawsuits have been filed in connection with the data breach.

While stolen records varied by individual, the data breach included some Social Security numbers. In rare instances, bank information, payment cards, driver's licenses or other identification cards might have been accessed, the company said.

Health care companies are a vulnerable target

Hospitals, health care systems and health insurers have faced a growing number of attacks in recent years from cybercriminals who demand ransom payments. In such attacks, hackers take control of a hospital or health company's data systems and demand a ransom payment for the return of control.

Cybercriminals covet health data because it tends to be more accurate than other sources of information, Pierson said.

"The quality of information in the healthcare and financial sectors is more pristine, Pierson said.

Because the data is so valuable, health care companies often face a grave risk of cyberattack, said Frank Balonis, chief information security officer at Kiteworks, a San Mateo California-based firm that provides secure data-sharing solutions.

Kiteworks ranked risk scores for the top 11 hacks across all industries last year based on factors such as the the size of the attack, economic loss, type of data stolen and regulatory compliance. Other high-profile data hacks on Ticketmaster and the pathology laboratory Synnovis impacted more people, but those attacks had lower risk than the Change Healthcare breach, according to Kiteworks' analysis.

Only the National Public Data breach − a data aggregator for background checks − had a risk score on par with the Change Healthcare breach, according to Kiteworks. The National Public Data breach exposed nearly 3 billion records of consumers including names, email addresses, phone numbers and mailing addresses and Social Security numbers.