United Health Group The company said Monday that it has paid ransoms to cyber threat actors in an effort to protect patient data following a February cyber attack on its subsidiary. Changing healthcare. The company confirmed that files containing personal information were compromised in the breach.
“This attack was initiated by a malicious threat actor, and we continue to work with law enforcement and multiple leading cybersecurity firms during the investigation,” UnitedHealth told CNBC in a statement. “The company is committed to doing everything it can to protect patient data. A compromise was made and a ransom paid.”
The company did not specify the ransom amount.
UnitedHealth, which has more than 152 million customers, also determined that cyber threat actors accessed files containing protected health information and personally identifiable information. Published on Monday. The documents “potentially cover a significant portion of the US population,” the statement said.
Change Healthcare provides payment and revenue cycle management tools. The company facilitates more than 15 billion transactions annually, with 1 in 3 patient records passing through its system. This means patients who were not UnitedHealth customers could also be affected by the attack.
UnitedHealth said in a news release that 22 screenshots of the allegedly infected files were uploaded to the dark web. The company said it has not released other data and has seen no evidence that doctors’ charts or full medical histories were accessed in the breach.
“We know this attack has caused concern and disruption for consumers and providers, and we are committed to doing everything possible to provide assistance to anyone who may need help,” UnitedHealth CEO Andrew Witty said in a news release. “
Concerned patients can go to UnitedHealth’s dedicated website used to access resources. The company has launched a call center that will offer free identity theft protection and credit monitoring services for two years, according to a press release.
UnitedHealth Group said that due to the “ongoing nature and complexity of the data review,” the call center would not be able to provide any details about the impact on personal data.
Tags: UnitedHealth Pays Bad Actors Ransom Change Healthcare Cyberattack Compromised Patient Data
