UnitedHealth Confirming Data Breach in Cyberattack, Paid Threat Actors Ransom to Prevent Patient Data Disclosure

By Moon Harper | Apr 23, 2024 01:04 AM EDT

TEXT SIZE    

UnitedHealth Group disclosed that it was paying ransom to cyber threat actors to safeguard patient data after the February cyberattack on its subsidiary, Change Healthcare. The company also confirmed that files with personal information were compromised in the breach.

The Change Healthcare's Cyberattack

Small private practice healthcare providers experienced financial strain as essential reimbursement systems remained offline for nine days following an attack on Change Healthcare. Change Healthcare offers payment and revenue cycle management tools and facilitates transactions between healthcare providers and major insurance firms as its parent company, UnitedHealth Group, discovered a cyberattack on February 21 and promptly isolated and disconnected affected systems.

The outage has hindered doctors' ability to verify patient eligibility and process electronic prescriptions, exacerbating the administrative workload for already overwhelmed staff. Healthcare providers could also not receive insurance payments, resulting in stalled revenue cycles. Smaller and mid-sized practices, reliant on cash flow from reimbursements, faced tough decisions for survival. If the outage continues, experts caution that some practices may be compelled to close their doors permanently.

UnitedHealth Group Paying Ransom to Prevent Data Disclosures

UnitedHealth stated to CNBC that malicious threat actors carried out the attack. The company continues to collaborate with law enforcement and various cybersecurity firms during the investigation. It confirmed that a ransom was paid as part of its commitment to protect patient data from disclosure, with no specified ransom payment amount.

UnitedHealth, with over 152 million customers, revealed in a statement released on Monday that the cyber threat actors accessed files containing protected health information and personally identifiable information that could potentially cover a significant portion of the American population.

Change Healthcare provides payment and revenue cycle management tools, overseeing over 15 billion transactions yearly and processing one in every three patient records. Consequently, the attack's impact extends beyond UnitedHealth customers, potentially affecting patients who utilize its services regardless of their affiliation with UnitedHealth.

READ ALSO: Change Healthcare Attacked by Ransomware, Causing Outages Disrupting Clerical and Reimbursement Systems

According to the release, UnitedHealth stated that 22 screenshots, purportedly depicting the compromised files, have been uploaded to the dark web. The company clarified that no additional data had been made public and that no evidence indicated access to doctors' charts or complete medical histories during the breach.

UnitedHealth's Commitment to Affected Patients

UnitedHealth CEO Andrew Witty said in the release that the company acknowledges the concerns and disruptions caused by the attack on consumers and providers and affirmed its commitment to offering support and assistance to anyone affected by the incident.

UnitedHealth announced that concerned patients can visit a dedicated website to access resources. The company has also initiated a call center for two years to provide free identity theft protection and credit monitoring. Still, it will be unable to give details about individual data impact due to the ongoing nature and complexity of the data review, as stated by the company.

RELATED ARTICLE: UnitedHealth Group Emerging From Ransomware Attack, Expects to Take Up to $1.6B Hit This Year

pre post  |  next post
More Sections