UnitedHealth Group disclosed a significant data breach affecting a considerable portion of Americans, stemming from an intrusion into its Change Healthcare unit in February.
The unit processes roughly half of all United States medical claims, making the intrusion one of the most severe cyberattacks in the nation’s healthcare sector.
Despite the payment of a ransom, hackers accessed files containing protected health information and personally identifiable data.
CEO Andrew Witty confirmed the ransom payment, emphasizing the company’s commitment to safeguarding patient data.
The attack, orchestrated by malicious actors, prompted collaboration with law enforcement and cybersecurity experts for investigation.
Hackers typically target sensitive health data for criminal activities or ransom demands. UnitedHealth said there is no evidence suggesting theft of complete medical histories or doctor’s charts, but a comprehensive analysis of the breached data is underway.
Monitoring online forums where hackers often trade such information is part of UnitedHealth’s response strategy.
The cybercriminal group responsible for the breach, known as AlphV or BlackCat, has not responded to inquiries. Another group, Ransomhub, claimed possession of some data, allegedly provided by a disgruntled affiliate of BlackCat.
UnitedHealth stated it was unaware of further data leaks beyond the initial screenshots posted on the dark web.
The breach, although disruptive, prompted UnitedHealth to pledge support for affected individuals and providers.
Despite BlackCat’s claim of stealing 8 terabytes of records from Change Healthcare, subsequent actions by the group, including the deletion of its statement, have added to the complexity of the situation.