Health insurance giant UnitedHealth Group has admitted that a ransomware attack on its health tech subsidiary Change Healthcare earlier this year stole large amounts of Americans' personal medical data.
UnitedHealth said in a statement Monday that the ransomware gang has exfiltrated files containing personal data and protected health information and “may be targeting a significant portion of the population of the United States.”
The health insurance giant did not say how many Americans would be affected, but said reviewing the data “could take months” before it began notifying individuals that their information was stolen in the cyberattack. “It's expensive.”
Change Healthcare processes insurance and billing for hundreds of thousands of hospitals, pharmacies, and medical practices across the U.S. healthcare industry. We have access to vast amounts of health information on about half of all Americans.
UnitedHealth said it has not yet seen evidence that a doctor's chart or complete medical history was leaked from its systems.
The hackers' admission that they stole Americans' health data comes a week after a new group of hackers began releasing some of the stolen data in an effort to extort a second ransom demand from the company. Ta.
The gang, which calls itself RansomHub, published multiple files containing personal information about patients across a series of documents on a dark web leak site, including internal files related to Change Healthcare. RansomHub said it would sell the stolen data unless Change Healthcare paid the ransom.
RansomHub is the second gang to demand ransom from Change Healthcare. The health tech giant reportedly paid $22 million in March to a Russia-based criminal organization called ALPHV, which has since disappeared and forced part of the ransom money to go to affiliated companies that carried out the data theft. I made it.
RansomHub claimed in its post, along with the stolen data released, that “ALPHV is not the one we have data on.”
UnitedHealth acknowledged in a statement Monday that some files had been released, but stopped short of claiming ownership of the documents. “This is not a formal infringement notification,” UnitedHealth said.
The Wall Street Journal reported Monday that ALPHV's criminal hacking affiliate infiltrated Change Healthcare's network using stolen credentials for a system that allowed remote access to the network. The hackers were able to infiltrate Change Healthcare's network for over a week and steal large amounts of data from the company's systems before deploying the ransomware.
The cyberattack on Change Healthcare began on February 21st and resulted in ongoing widespread outages at pharmacies and hospitals across the United States. For weeks, doctors, pharmacies, and hospitals were unable to verify patient benefits in dispensing medications, arranging inpatient care, and processing pre-approvals for surgeries.
Much of the U.S. health care system has been shut down, and health care providers are facing financial pressure from growing backlogs and prolonged service outages.
UnitedHealth reported last week that a ransomware attack resulted in more than $870 million in losses. The company reported revenue of $99.8 billion in the first three months of the year, which exceeded Wall Street analysts' expectations.
UnitedHealth CEO Andrew Whitty, who received compensation totaling nearly $21 million for the full year of 2022, is scheduled to testify before members of Congress on May 1.