UnitedHealth Admits Paying Off Hackers After 'Substantial' Patient Data Was Compromised in Change Healthcare Cyberattack

By

UnitedHealth Group admitted Monday that it had paid hackers to protect patients' data following the cyberattack on its subsidiary Change Healthcare in February.

"This attack was conducted by malicious threat actors, and we continue to work with the law enforcement and multiple leading cyber security firms during our investigation," UnitedHealth told CNBC.

"A ransom was paid as part of the company's commitment to do all it could to protect patient data from disclosure," it added. However, the company did not disclose the ransom payment amount.

Ascension Hit by Cyberattack, Disrupting Operations at Some of Its Hospitals
Major healthcare nonprofit Ascension said a cyberattack had interrupted its clinical operations, prompting it to take measures to limit any impact on patient care. Pixabay / Pexels

UnitedHealth Group Says Hackers Accessed Patients' Protected Health Information

According to a press release Monday, UnitedHealth said the cyberthreat actors gained access to files, including protected health and personally identifiable information. The company noted that the data could "cover a substantial proportion of people in America."

Change Healthcare provides patient billing across the US healthcare system. It performs billions of healthcare transactions annually and claims to manage the data of almost one-third of all US patients, or about 100 million people.

One in every three patient records passes through its systems, which means even patients who are not UnitedHealth clients could have been affected by the cyberattack.

In the press release, UnitedHealth said 22 screenshots of the alleged compromised files were posted to the dark web for about a week. The company further noted that there was no evidence that doctors' charts or complete medical histories were accessed in the breach, and no other data has been published.

UnitedHealth CEO Guarantees Full Assistance for Impacted Individuals

UnitedHealth CEO Andrew Witty said in the release that the attack caused anxiety and inconvenience to consumers and providers, and they "are committed to doing everything possible to help and provide support to anyone who may need it."

The company has created a dedicated website where worried patients can get more information and assistance. UnitedHealth also launched a call center offering free identity theft protection and credit monitoring for two years.

© 2024 VCPOST.com All rights reserved. Do not reproduce without permission.

Join the Conversation

Real Time Analytics