
Ransomware attack on UnitedHealth Group's subsidiary affects millions of Americans



23 Apr 2024


UnitedHealth Group, a leading health insurance provider in the US, has confirmed a significant ransomware attack on its subsidiary, Change Healthcare.

The breach resulted in the theft of substantial private healthcare data of American citizens.

The company revealed that a ransomware group had accessed files containing personal and protected health information.

The exact number of impacted individuals remains unknown as the data review process continues.


Change Healthcare holds health information for half of all Americans
Responsibility


Change Healthcare is responsible for processing insurance and billing for numerous pharmacies, hospitals, and medical practices across the US.

The company holds health information for approximately half of all Americans.

Despite the breach, UnitedHealth has found no evidence to suggest that complete medical histories or doctors' charts were compromised in the attack.

The confirmation of this data breach came a week after a new hacking group began releasing parts of the stolen data.


RansomHub released personal patient information on dark web
Cyber threat


The hacking group, RansomHub, released several files on its dark web site, containing personal patient information across various documents.

Some of these documents were internal files associated with Change Healthcare.

The group threatened to sell the stolen data unless a ransom was paid by Change Healthcare.

In response, UnitedHealth Spokesperson Tyler Mason confirmed that the company had paid the cybercriminals to prevent further disclosure of patient data. The exact amount paid remains undisclosed.


Change Healthcare paid $22 million to ALPHV
Past breach


This is not the first time Change Healthcare has been targeted by ransomware groups. Earlier this year, it reportedly paid $22 million to ALPHV, a criminal gang based in Russia.

However, ALPHV disappeared without paying the affiliate who executed the data theft its share of the ransom.

RansomHub claimed in its post that it now possesses the stolen data and not ALPHV.

UnitedHealth acknowledged some of the stolen files' publication but did not claim ownership of these documents.


Hackers infiltrated network using stolen credentials
Network disruption


The Wall Street Journal reported that ALPHV's criminal hacking affiliate infiltrated Change Healthcare's network via stolen credentials for a system that allows remote access.

The hackers reportedly remained in the network for more than a week before deploying ransomware, enabling them to steal huge amounts of data.

The attack on Change Healthcare started on February 21 and caused outages at pharmacies and hospitals across the US.

This led to significant backlogs and financial pressure on healthcare providers.
