UnitedHealthcare, the largest health insurer in the US, recently faced a significant cyberattack, potentially affecting around a third of US citizens. The breach occurred in February at UnitedHealth’s tech unit, Change Healthcare, which processes approximately 50% of all medical claims in the US. The incident has caused widespread disruptions in claims processing, impacting patients and providers nationwide.
The CEO of UnitedHealth Group, Andrew Witty, testified before a Congressional committee about the extent of the breach. He stated that the hackers might have stolen a third of Americans’ protected health information and personally identifiable information. However, the exact number of affected individuals is still under investigation.
The cybercriminal group AlphV was responsible for the breach. They infiltrated Change on February 12 using stolen login credentials on an older server that lacked multi-factor authentication. This security measure, which adds an extra step when logging in to accounts and systems, could have prevented the breach if it had been in place.
The server was part of a platform that had recently become part of the company and was in the process of being upgraded. The platform did not have the security measures prescribed in a joint alert issued by the FBI and US cyber and health officials in December 2023 to warn about AlphV, also known as BlackCat, targeting healthcare organizations.
UnitedHealth paid the gang around $22 million in bitcoin as ransom. However, there is no guarantee that the breached data is secure or that it will not still be leaked. Another hacking group claiming to be an offshoot of AlphV said last month it had a copy of the data, though the company has not verified that claim.
The incident has raised questions about UnitedHealth’s dominant role in American healthcare. With a market capitalization of $445 billion and annual revenue of $372 billion, any problems at UnitedHealth could potentially impact the broader economy. The company is now enforcing a policy across the organization to have multi-factor authentication on all of its external systems.
Read more at: techcrunch.com