Manas Mishra and Zeba Siddiqui
(Reuters) – UnitedHealth Group said on Monday that hackers stole the health and personal data of a potentially “significant share” of Americans from its systems in February, as the largest U.S. insurer struggles to contain the damage.
The intrusion into Change Healthcare (NASDAQ:), which processes about 50% of medical claims in the United States, was one of the worst hacks to hit American healthcare and caused widespread disruptions in the payment of doctors and medical institutions.
Disclosure assumes that patients’ medical information remains vulnerable. An initial review of the compromised data revealed files containing protected health information or personal information “that may affect a significant portion of people in America,” the company said in a statement on its website.
The theft on February 21 occurred despite the payment of a ransom.
“The ransom was paid as part of the company’s commitment to do everything possible to protect patient data from disclosure,” UnitedHealth (NYSE:) CEO Andrew Whitty told CNBC on Monday.
“This attack was carried out by malicious actors, and we continue to work with law enforcement and several leading cybersecurity firms as we continue our investigation.”
Hackers typically seek sensitive data such as patient records, medical histories, or treatment plans for use in further criminal activities or ransom demands in such breaches.
While a full analysis of the stolen data will take “several months,” there is no evidence that physician records or people’s complete medical records were stolen, UnitedHealth said. He did not say exactly how much people’s data was stolen, but said that he monitors online forums where hackers tend to leak or exchange such data packets.
remove advertising
.
The cybercriminal gang behind the hack, known as AlphV or BlackCat, did not respond to multiple requests for comment.
Another hacking group posted 22 screenshots on the dark web in about a week, some of which contained protected health and personal data of UntiedHealth customers, the company said, adding that it was not aware of any other leaks at this time.
The group, calling itself Ransomhub, previously told Reuters that a disgruntled Blackcat affiliate had provided it with data.
Shortly after the hack became public in February, Blackcat said on its website that it had stolen 8 terabytes of confidential records from Change Healthcare, but later deleted that statement without explanation.
“We know this attack has caused concern and harm to consumers and providers, and we are committed to doing everything we can to help and provide support to anyone who may need it,” UnitedHealth CEO Whitty said in a company release.