The cyberattack on Change Healthcare in February focused the information of “a considerable proportion of individuals in America,” UnitedHealth Group (UHG) mentioned this week, with the corporate confirming it paid a ransom in an effort to guard affected person data.
“Based mostly on preliminary focused knowledge sampling so far, the corporate has discovered recordsdata containing protected well being data (PHI) or personally identifiable data (PII), which might cowl a considerable proportion of individuals in America,” UHG mentioned in an replace on Monday concerning the assault on its subsidiary.
“Thus far, the corporate has not seen proof of exfiltration of supplies comparable to docs’ charts or full medical histories among the many knowledge.”
As a result of scope of assault, UHG mentioned it is going to possible take “a number of months” to determine and notify clients who had been impacted. The corporate has launched an internet site the place clients can get data and has arrange name facilities to supply “provide free credit score monitoring and identification theft protections for 2 years” to affected people.
It additional shared that 22 screenshots allegedly from recordsdata taken from Change had been posted for a couple of week on the darkish net by a “malicious risk actor.” These recordsdata contained each protected well being data and personally identifiable data.
“We all know this assault has triggered concern and been disruptive for customers and suppliers and we’re dedicated to doing the whole lot attainable to assist and supply help to anybody who might have it,” UHG CEO Andrew Witty mentioned in an announcement.
Witty is scheduled to testify earlier than the Home Vitality and Commerce Subcommittee on Oversight and Investigations on Might 1.
A UHG spokesperson additionally confirmed to The Hill {that a} ransom cost had been made, saying, “A ransom was paid as a part of the corporate’s dedication to do all it might to guard affected person knowledge from disclosure.”
Change is among the high insurance coverage processing firms within the U.S. UHG’s possession of Change, which the Justice Division tried to dam, has reignited considerations over vertical integration and the dangers concerned in single firms commanding massive swaths of the healthcare trade. The DOJ reportedly launched an antitrust investigation into UHG earlier this 12 months.
Federal Commerce Fee Chair Lina Khan commented on the Change cyberattack whereas talking with reporters on Tuesday.
“It’s honest to say now we have seen methods through which consolidation and focus of knowledge can create extra vulnerabilities, proper. As a result of if there’s a hack, there’s extra that might get uncovered. And so we see a few of these interconnections,” mentioned Khan.
“One of many key cures that we’ve been pushing is this idea of knowledge minimization. So the concept that you must actually reduce what knowledge you’re even gathering or storing within the first place.”
Copyright 2024 Nexstar Media Inc. All rights reserved. This materials will not be revealed, broadcast, rewritten, or redistributed.
