UnitedHealth Group confirmed on Monday that it succumbed to demands of ransom payment after a cyberattack on its subsidiary, Change Healthcare, in February. This measure was taken in an attempt to safeguard sensitive patient data.
The company acknowledged that the breach compromised files containing personal information, including protected health information and personally identifiable information. UnitedHealth stated that the compromised files could potentially impact a substantial number of individuals in the United States.
Change Healthcare is a provider of payment and revenue cycle management tools, handling over 15 billion transactions annually. Consequently, the attack may have affected individuals beyond UnitedHealth customers.
UnitedHealth reported that 22 screenshots of the compromised files have been uploaded to the dark web. However, the company emphasized that no other data has been publicly released and there is no evidence of access to doctors’ charts or complete medical histories.
In response to the incident, UnitedHealth has established a dedicated website for concerned patients to access resources and launched a call center offering free identity theft protection and credit monitoring for two years. The call center will not provide specific information about individual data impact due to the ongoing complexity of the data review.
