Change Healthcare Hack Led to "Substantial" Theft of Data
UnitedHealth Group has acknowledged that a recent ransomware attack on its subsidiary Change Healthcare led to a massive data breach, affecting a "substantial proportion of people in America." The breach, one of the most significant in American healthcare history, resulted in the theft of sensitive patient data across the country.
Initially stolen by the BlackCat/ALPHV ransomware gang, the data was then allegedly passed to a second group, RansomHub, further escalating the situation. TechCrunch reported that the initial intrusion occurred in February, with the attackers gaining access to Change Healthcare's systems for over a week before deploying ransomware. This allowed them to exfiltrate an enormous amount of data.
The severity of the data compromise became apparent when RansomHub began publishing portions of the stolen data online. In response to this continued threat, UnitedHealth was forced to pay the ransom to prevent further data disclosure. "A ransom was paid as part of the company’s commitment to do all it could to protect patient data from disclosure," a UnitedHealth spokesperson told BleepingComputer.
The financial impact of the attack on UnitedHealth has been profound. Not only has the company had to pay two sizable ransoms at this point, it also reported an $872 million loss due to the operational disruptions caused by the initial cyberattack. Services such as payment processing, prescription writing, and insurance claims faced significant delays, contributing to a broader healthcare slowdown.
This breach not only disrupted the financial and operational aspects of US healthcare but also raised serious concerns about the security of sensitive medical data in a sector that is increasingly targeted by cybercriminals. Despite the ransom payment and ongoing efforts to secure their systems, UnitedHealth continues to grapple with the ramifications of the breach.
UnitedHealth CEO Andrew Witty remarked on the ongoing response efforts, saying, "We know this attack has caused concern and been disruptive for consumers and providers, and we are committed to doing everything possible to help and provide support to anyone who may need it."
The company has initiated a detailed analysis of the hacked data, which is expected to take several months. Meanwhile, UnitedHealth is already taking steps to support affected individuals, including the offering of credit monitoring and identity theft protection services.
Please, comment on how to improve this article. Your feedback matters!