UnitedHealth Group Confirms Paying Ransom After Cyberattack Compromises Data of Millions

UnitedHealth Group, one of the largest healthcare companies in the United States, has confirmed that it paid a ransom to cybercriminals after a cyberattack compromised the personal data of a significant portion of the U.S. population. The attack targeted UnitedHealth's subsidiary, Change Healthcare, which processes health insurance claims for patients who visited hospitals, medical centers, or pharmacies.

While UnitedHealth did not disclose the exact amount of the ransom payment, reports indicate that the cybercrime group AlphV or BlackCat received a $22 million transaction that "looked very much like a large ransom payment." Another group, RansomHub, also published what it claimed were private and sensitive records to extort a ransom from the company.

Why this matters: The scale and impact of this cyberattack highlight the growing threat to the healthcare industry and the sensitive data it holds. With millions of Americans potentially affected, the incident raises concerns about the security of personal health information and the consequences of such breaches.

The scale of the attack was significant, as Change Healthcare processes 15 billion transactions per year, meaning that even patients who were not UnitedHealth customers were potentially affected. UnitedHealth stated that stolen files obtained by hackers could cover a substantial proportion of people in America.

UnitedHealth has not seen evidence that information like doctors' charts or full medical histories were taken, but it will likely take several months to contact impacted individuals. The company has launched a call center to offer free identity theft protection and credit monitoring for two years to concerned patients.

Key Takeaways

• UnitedHealth Group paid ransom to cybercriminals after data breach at subsidiary Change Healthcare.
• Cyberattack compromised personal data of a significant portion of the U.S. population.
• Ransomware attack cost UnitedHealth $1.3-$1.6 billion and disrupted healthcare operations.
• UnitedHealth offering identity theft protection and credit monitoring to affected patients.
• Incident highlights growing threat to healthcare industry and security of personal health data.