Written by Manas Mishra and Zeba Siddiqui
(Reuters) – UnitedHealth Group said on Monday that hackers lost the health and personal information of a potentially “significant percentage” of Americans in February, as the nation's largest health insurer scrambles to contain the damage. The company announced that it had been stolen from its systems.
The breach at the Change Healthcare division, which processes about 50% of U.S. medical claims, was one of the worst hacks to hit U.S. healthcare, causing widespread disruption to payments to doctors and medical facilities. .
This disclosure suggests that patient medical information remains vulnerable. The company said in a statement on its website that an initial investigation of the breached data revealed files containing protected health information and personally identifiable information “that may cover a significant portion of the population of the United States.” He said it was found.
The theft on February 21st occurred despite the payment of a ransom.
“The ransom was paid as part of the company's commitment to doing everything we can to prevent patient data from being compromised,” UnitedHealth CEO Andrew Whitty told CNBC on Monday.
“This attack was carried out by a malicious actor, and we will continue to work with law enforcement and multiple leading cybersecurity companies during the investigation.”
Hackers typically seek sensitive data such as patient records, medical history, treatment plans, etc. to use for further criminal activities or to demand ransom for such breaches.
A full analysis of the compromised data will take “several months,” but UnitedHealth said there is no evidence to suggest that physician charts or individuals' complete medical histories were stolen. It did not say exactly how many people's data had been stolen, but said it was monitoring online forums where hackers tend to leak or trade such data packets.
The cybercrime organization behind the breach, known as AlphV or BlackCat, did not respond to multiple requests for comment.
The company said a separate group of hackers posted 22 screenshots on the dark web over the course of about a week, some of which contained protected health and personal data of UntiedHealth customers. It added that it is not aware of any other leaks at this time.
The group, which calls itself Ransomhub, earlier told Reuters that a disgruntled Blackcat affiliate provided the data.
Shortly after the hack was discovered in February, Black Cat announced on its website that it had stolen eight terabytes of confidential records from Change Healthcare, but that statement was later deleted without explanation.
“We know this attack is causing concern and confusion for consumers and healthcare providers, and we need your help,” UnitedHealth CEO Whitty said in a company post. We are committed to doing everything possible to support and provide for everyone.”
(Reporting by Manas Mishra, Maryam Sunny and Sriparna Roy in Bengaluru; Editing by Krishna Chandra Eluri, Sriraj Kaluvila and Richard Chan)