UnitedHealth Group, a major player in the health insurance industry, has disclosed a significant breach involving the theft of Americans' private healthcare data following a ransomware attack on its subsidiary, Change Healthcare.
According to UnitedHealth, the ransomware gang responsible for the attack obtained files containing personal data and protected health information, potentially affecting a large portion of the American population. While the company did not specify the exact number of individuals impacted, it noted that the data review process is expected to take several months before affected individuals are notified.
Change Healthcare, which handles insurance and billing for numerous healthcare entities across the U.S., has access to extensive health information on approximately half of all Americans. UnitedHealth clarified that there's no evidence suggesting the theft of doctors' charts or full medical histories from its systems.
This revelation follows the emergence of a new hacking group, RansomHub, which recently began publishing portions of the stolen data online in an attempt to extort additional ransom payments. UnitedHealth confirmed that it paid the cybercriminals, though it did not disclose the amount.
Interestingly, this isn't the first time Change Healthcare has been targeted by ransomware. In March, the company reportedly paid $22 million to a Russia-based criminal gang, ALPHV, which subsequently vanished without distributing the ransom to its affiliate responsible for the data theft.
The cyberattack on Change Healthcare led to widespread disruptions in the healthcare sector, affecting pharmacies, hospitals, and patient care services. UnitedHealth estimated losses exceeding $870 million due to the attack, although its overall revenue for the first quarter remained higher than anticipated.
UnitedHealth CEO Andrew Witty, slated to testify before House lawmakers on May 1, is likely to face scrutiny over the company's handling of the breach and its broader implications for patient privacy and cybersecurity in the healthcare industry.
No comments:
Post a Comment