UnitedHealth Group has confirmed that a ransomware attack on its subsidiary, Change Healthcare, resulted in a significant theft of Americans’ private healthcare data. The health tech giant, which handles health data for about half of all Americans, stated that the data breach may cover a “substantial proportion of people in America”.
The ransomware attack was carried out by a new hacking group called RansomHub, which published several files containing patients’ personal information, spread across an array of documents. Some of these documents included internal files related to Change Healthcare. RansomHub threatened to sell the stolen data unless Change Healthcare paid a ransom. In response, UnitedHealth confirmed that it paid the cybercriminals to protect patient data from disclosure.
The company has not yet seen evidence that doctors’ charts or full medical histories were exfiltrated from its systems. However, the data review is likely to take several months before the company can begin notifying individuals that their information was stolen in the cyberattack.
This incident comes after UnitedHealth reportedly paid $22 million to a Russia-based criminal gang called ALPHV in March, which then disappeared, leaving the affiliate that carried out the data theft without their portion of the ransom. RansomHub claimed that they, not ALPHV, had the stolen data.
The admission that hackers stole Americans’ health data comes a week after RansomHub began publishing portions of the stolen data in an effort to extort a second ransom demand from the company. This sets the stage for a significant legal battle between UnitedHealth and the ransomware group.
Read more at: techcrunch.com