TechRadar
Sead Fadilpašić

UnitedHealth confirms major cyberattack, says hackers stole "substantial" amount of patient data

UnitedHealth Group has issued an update on the data breach that recently struck its subsidiary, Change Healthcare.

The healthcare giant suffered a ransomware attack that knocked some of its services offline and affected different pharmacies and other adjacent businesses across the United States.

In an update, UnitedHealth Group said that based on initial targeted data sampling to date, the company found “files containing protected health information (PHI) or personally identifiable information (PII), which could cover a substantial proportion of people in America.”

Ransomware fiasco

So far, there has been no evidence that the hackers stole materials such as doctors’ charts, or full medical histories. 

The company further explained that the data review is ongoing and complex, and that it will likely take a few months to conclude the investigation, suggesting that the type of stolen data, as well as its scope, might change. 

In the meantime, it set up a dedicated website, http://changecybersupport.com/, where affected individuals can get more information and details. It also set up a dedicated call center, and is offering free credit monitoring and identity theft protection for two years.

The ransomware attack turned into something of a fiasco for both sides. The company was apparently attacked by an affiliate of the infamous ALPHV (BlackCat) ransomware-as-a-service (RaaS) operation. To address the problem and get its data back, the company paid the attackers $22 million in cryptocurrency. However, due to the nature of RaaS, the affiliates who breached Change never got the money, as ALPHV took all of it and shut the entire operation down.

This also meant that Change never got its data back. In the meantime, a separate threat actor came forward, claiming to be in possession of the data, and asking for even more money. 

UnitedHealth Group said that it’s monitoring the internet and the dark web, together with industry experts, to determine if any data made it online.

“There were 22 screenshots, allegedly from exfiltrated files, some containing PHI and PII, posted for about a week on the dark web by a malicious threat actor. No further publication of PHI or PII has occurred at this time,” the notification concludes.
