The health group UnitedHealth, whose Change Healthcare branch was hit by a cyberattack at the end of February, confirmed on April 22 that the infiltration into its systems had led to a massive theft of Americans' private health data. “Based on an initial sampling of targeted data to date, the company has found files containing protected health data, or personally identifiable information, that could cover a substantial proportion of people in America”writes the firm in a press release.
Significant delays in prescribing medications
Change Healthcare handles insurance and billing for hundreds of thousands of pharmacies, including CVS Health and Walgreens chains, hospitals and doctor's offices. The company has health data on nearly half of Americans. At the time of the cyberattack in late February, patients' insurance claims could no longer be transmitted, causing significant prescription delays.
Advertisement
Many healthcare providers could no longer process prescriptions with patients’ insurance. According to a survey conducted three weeks ago by the American Medical Association, about 80% of responding doctors said they had lost income, with some resorting to personal savings to cover their practice expenses.
UnitedHealth confirms it paid a second ransom
The health group did not provide precise information on the number of patients affected. The individuals already identified were not informed, the group preferring to wait “several months of analysis” so that “sufficient information is available”. According to UnitedHealth, “no evidence of exfiltration of documents, such as medical records or complete medical history,” was not spotted. However, he mentions the presence of 22 screenshots, “allegedly from exfiltrated files (…), published for approximately a week on the dark web by a malicious actor”.
This statement comes after the publication last week on the dark web of several files containing medical, insurance and billing data stolen during the cyberattack. The hacker group, RansomHub, then threatened to sell 4 terabytes of personal data in the event of non-payment of a ransom. Tyler Mason, a spokesperson for UnitedHealth, confirmed to Techcrunch that the company had paid the cybercriminals, without specifying the amount.
$870 million in losses
A few days after the cyberattack, the Russian ransomware gang BlackCat/ALPHV also demanded payment of a ransom. Change Healthcare then allegedly paid $22 million to prevent the data from being published. According to Wall Street Journal, These same hackers would have been present in Change Healthcare systems as early as February 12, nine days before deploying their ransomware.
Advertisement
UnitedHealth said last week that the cyberattack caused it to lose more than $870 million. The group, however, achieved a turnover of $99.8 billion in the first quarter, up 8.5% compared to the first quarter of 2023.
Selected for you