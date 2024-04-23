UnitedHealth Group has revealed that a February cyberattack on its claims processing unit may have exposed the personal or health-related information of “a substantial proportion of people in America.”

The attack, attributed to a criminal group known as ALPHV or Blackcat, targeted UnitedHealth’s Change Healthcare unit, which processes 15 billion healthcare transactions annually. Change Healthcare handles nearly half of all U.S. medical claims and is involved in one in every three patient records, according to government figures. The post-breach standstill led to widespread payment disruptions for healthcare providers.

UnitedHealth opted to pay an unspecified ransom to the hackers to safeguard patient data, it disclosed in a statement. Nevertheless, protected health information and personally identifiable information, allegedly from Change Healthcare files, was found on the dark web, the company said.

However, the health insurance giant said in a news release that it has so far seen no evidence that such materials as doctors’ charts or “full medical histories” were stolen.

The full scope of the breach is still being analyzed, with UnitedHealth actively monitoring online forums where hackers often trade or leak stolen data. While another hacker group, Ransomhub, is reported to have posted screenshots containing customers’ data on the dark web, UnitedHealth said it has found no additional patient information posted there.

“We know this attack has caused concern and been disruptive for consumers and providers, and we are committed to doing everything possible to help and provide support to anyone who may need it,” UnitedHealth CEO Andrew Witty said on a website dedicated to cyberattack updates. Witty is scheduled to testify at a May 1 House hearing about the breach.

What Kind of Data Was Leaked in the UnitedHealth Cyberattack?

So far, files containing sensitive information such as health records and personal details have been identified as being leaked. Investigators discovered 22 screenshots on the dark web, allegedly from stolen files, containing protected health and personally identifiable information. However, no further sharing of the data has so far been uncovered,

Meanwhile, the company says it’s analyzing the data thoroughly and staying in touch with law enforcement and regulators. Once the information is verified, notifications will be sent out to those who were affected.

The company and external experts are actively monitoring the internet and dark web to check for any public disclosure of data. Given the complexity of data analysis, it’s expected to take a few months to gather enough information to identify and notify all affected individuals.

Why Are Leaks Of Healthcare Data So Harmful?

Leaked healthcare data is different from leaked financial data because of its intimate nature. It may include sensitive information about individuals’ health conditions, treatments and medical histories.

When healthcare data is compromised, it can lead to identity theft and insurance fraud. It could also result in physical harm to victims if it’s used for misrepresentation in healthcare settings.

“Unlike financial data, which can be protected or restored through various means such as freezing credit or changing account numbers, health information cannot be altered,” says Paige Hanson, co-founder and head of communications and partnerships at SecureLabs Inc. “This can give attackers leverage over victims for extortion or discrimination.”

Victims Offered Credit Monitoring and Identity Theft Protection

UnitedHealth has established a dedicated call center to answer questions and is offering two years of complimentary credit monitoring and identity theft protection services to clients affected by the cyberattack. Trained clinicians are also on hand to offer support.

To reach the call center, dial 1-866-262-5342. A website dedicated to updates and news about the breach provides additional information.

