UnitedHealth paid ransom after massive Change Healthcare cyberattack

April 23, 2024
1 min read
UnitedHealth paid ransom after massive Change Healthcare cyberattack


Russia-based cybercriminals who attacked a company owned by UnitedHealth Group company in February did not leave the project empty-handed.

“A ransom was paid as part of the company’s commitment to do everything it could to protect patient data from disclosure,” a UnitedHealth Group spokesperson confirmed to CBS News on Monday night.

The spokesperson did not reveal how much the healthcare giant paid after the cyber attack, which closed operations in hospitals and pharmacies for more than a week. Multiple media sources reported that UnitedHealth paid US$22 million in the form of bitcoin.

“We know this attack has caused concern and been disruptive to consumers and providers, and we are committed to doing everything we can to help and provide support to anyone who may need it,” UnitedHealth CEO Andrew Witty said in a statement Monday. .

UnitedHealth guilty the breach by a Russian ransomware gang known as ALPHV or BlackCat. The group itself claimed responsibility for the attack, claiming it stole more than six terabytes of data, including “sensitive” medical records, from Change Healthcare, which processes health insurance claims for patients who visited hospitals, medical centers or pharmacies.


Doctor describes devastating effects of UnitedHealth cyber attack

02:22

The scale of the attack – Change Healthcare processes 15 billion transactions per year, according to to the American Hospital Association — meant that even patients who weren’t UnitedHealth customers would potentially be affected. The attack already cost UnitedHealth Group nearly $900 millioncompany officials said when reporting first-quarter earnings last week.

Ransomware attacks, which involve disabling a target’s computer systems, have become increasingly common in the healthcare sector. The annual number of ransomware attacks against hospitals and other vendors doubled from 2016 to 2021, according to a 2022 study published in the JAMA Health Forum.

The Change Healthcare incident was “a direct attack on the U.S. healthcare system and designed to cause maximum damage,” Witty told analysts during an earnings call last week. Ultimately, the cyberattack is expected to cost UnitedHealth between $1.3 billion and $1.6 billion this year, the company predicted in its earnings report.



Source link