UnitedHealth Group, the American healthcare insurance giant, confirmed on Monday (April 22) that its healthcare technology subsidiary, Change Healthcare, was recently targeted in a cyber attack, leading to a possible breach of a large amount of personal medical data of Americans. This intrusion marks one of the most severe hacker attacks in the U.S. health insurance sector.
According to a statement from UnitedHealth Group, based on preliminary analysis, hackers potentially accessed protected health information (PHI) or personal identity information (PII) of a significant portion of the American population as early as February this year.
Change Healthcare, a healthcare technology company under UnitedHealth Group, has access to the medical data of approximately half of the U.S. population.
When the cyber attack occurred on February 21, the Change Healthcare website was paralyzed for several days. Despite UnitedHealth Group promptly isolating Change Healthcare from other systems, the impact was significant. Thousands of pharmacies across the U.S. were unable to fill prescriptions, millions of electronic prescriptions were left unprocessed promptly, and patients faced challenges in insurance reimbursement requests.
Andrew Witty, the CEO of UnitedHealth Group, stated, “We understand that this attack has caused concern among consumers and healthcare service providers, leading to disruptions. We are committed to assisting anyone in need and providing support to them to the best of our abilities.”
The healthcare insurance giant did not disclose the exact number of Americans affected by the breach but mentioned that the data review process “may take months.” However, there is currently no indication that medical records or complete personal medical histories were stolen.
To address the breach, UnitedHealth Group paid a ransom of $22 million to the hackers in March.
During an interview with CNBC on Monday, Witty mentioned, “Paying the ransom is part of the company’s commitment to safeguarding patient data from being exposed.”
He added that the company will continue to collaborate with law enforcement agencies and leading cybersecurity firms to conduct investigations.
The hacker group behind the attack, known as AlphV or BlackCat, claimed to have stolen 8TB of sensitive files from Change Healthcare shortly after the attack was revealed. However, they later removed the statement without providing any explanation.
UnitedHealth Group revealed that another hacker group posted 22 screenshots on the dark web, some of which contained personal data of the company’s clients.
Identifying themselves as Ransomhub, the organization claimed to Reuters that an affiliate company under BlackCat, not receiving a share of the ransom, provided them with the data.
Due to a lack of evidence, whether their claims are true remains unclear.