UnitedHealth Group said Monday that hackers stole health and personal data from its networks in February, possibly affecting a “substantial proportion” of Americans, as the largest US health insurer works to mitigate the damage.
The intrusion at its Change Healthcare unit, which processes almost half of all medical claims in the United States, was one of the largest hacks to affect American healthcare, causing severe payment disruptions for doctors and health facilities.
The disclosure implies that patients’ healthcare information is vulnerable. An early investigation of the hacked data revealed files containing protected health information or personally identifiable information, “which could cover a substantial proportion of people in America,” according to a statement on the company’s website.
The theft on February 21 occurred despite a ransom payment.
“A ransom was paid as part of the company’s commitment to do all it could to protect patient data from disclosure,” UnitedHealth CEO Andrew Witty told CNBC on Monday.
“This attack was conducted by malicious threat actors, and we continue to work with law enforcement and multiple leading cybersecurity firms during our investigation.”
In such breaches, hackers typically seek sensitive data such as patient records, medical histories, or treatment plans to use in subsequent criminal acts or to extort ransom.
While a thorough examination of the compromised data would take “several months,” UnitedHealth stated that there is no evidence that doctors’ charts or comprehensive medical histories of patients were stolen. It did not specify how many people’s data were taken but stated that it was monitoring online forums where hackers frequently leak or exchange such data.
Another hacker group posted 22 screenshots on the dark web for nearly a week, some of which contained UnitedHealth customers’ protected healthcare and personal information, the company said, adding that it was unaware of any more leaks at the time.
That outfit, known as Ransomhub, previously told Reuters that it received the data from a dissatisfied Blackcat affiliate.
Soon after the attack was discovered in February, Blackcat announced on its website that it had stolen 8 terabytes of confidential data from Change Healthcare, only to later erase the statement without explanation.
“We understand that this attack has caused concern and disruption for consumers and providers, and we are committed to doing everything possible to assist and support anyone who may require it,” UnitedHealth CEO Witty stated in the company statement.