UnitedHealth Group Inc. has disclosed that personal information of a substantial portion of Americans may have been compromised in a cyberattack that targeted its Change Healthcare business earlier this year. The company emphasized that there are no indications that full medical histories or doctor charts were released, but it could take months to identify and notify those affected.
The cyberattack, which involved a ransomware group gaining access to some of the systems of Change Healthcare, disrupted payment and claims processing around the country, stressing doctor’s offices and health care systems. Federal civil rights investigators are already looking into whether protected health information was exposed in the attack.
UnitedHealth confirmed that screenshots containing protected health information and personally identifiable information were briefly posted on the dark web, and the company is closely monitoring the situation. Affected individuals will receive free credit monitoring and identity theft protection while UnitedHealth continues to restore services disrupted by the attack.
The healthcare giant has also provided billions of dollars in financial assistance to healthcare providers impacted by the incident. UnitedHealth took an $872 million hit from from the cyberattack in the first quarter, and company officials said that could grow beyond $1.5 billion for the year.
The cyberattack is a reminder of the importance of cybersecurity and the need for healthcare organizations to take steps to protect patient data. UnitedHealth is working to notify those affected and is offering free credit monitoring and identity theft protection. The company is also monitoring the internet and dark web for any additional file publication.
Patients who are concerned about their personal information should contact UnitedHealth for more information. The company has set up a website to answer questions and a call center to assist affected individuals.
