Omar Marques | Lightrocket | Getty Photographs
UnitedHealth Group on Monday mentioned it paid ransom to cyberthreat actors to attempt to defend affected person knowledge, following the February cyberattack on its subsidiary Change Healthcare. The corporate additionally confirmed that recordsdata containing private data had been compromised within the breach.
“This assault was performed by malicious risk actors, and we proceed to work with the regulation enforcement and a number of main cyber safety companies throughout our investigation,” UnitedHealth informed CNBC in an announcement. “A ransom was paid as a part of the corporate’s dedication to do all it might to guard affected person knowledge from disclosure.”
The corporate didn’t specify the ransom cost quantity.
UnitedHealth, which has greater than 152 million prospects, mentioned it has additionally decided that the cyberthreat actors accessed recordsdata containing protected well being data and personally identifiable data, in line with a launch Monday. The recordsdata “might cowl a considerable proportion of individuals in America,” the discharge mentioned.
Change Healthcare presents cost and income cycle administration instruments. The corporate facilitates greater than 15 billion transactions yearly, and 1 in each 3 affected person data passes via its methods. This implies even sufferers who usually are not UnitedHealth prospects might have been affected by the assault.
UnitedHealth mentioned within the launch that 22 screenshots, allegedly of the compromised recordsdata, have been uploaded to the darkish internet. The corporate mentioned no different knowledge has been printed, and it has not seen proof that docs’ charts or full medical histories had been accessed within the breach.
“We all know this assault has brought on concern and been disruptive for customers and suppliers and we’re dedicated to doing all the things attainable to assist and supply help to anybody who may have it,” UnitedHealth CEO Andrew Witty mentioned within the launch.
UnitedHealth mentioned that involved sufferers can go to a devoted web site for entry to sources. The corporate has launched a name heart that can supply free id theft protections and credit score monitoring for 2 years, the discharge mentioned.
The decision heart will be unable to supply any particulars about particular person knowledge affect given the “ongoing nature and complexity of the info evaluate,” UnitedHealth mentioned.
