UnitedHealth Group Pays Ransom to Hackers to Protect Patient Data
In a shocking turn of events, UnitedHealth Group has confirmed that they paid an undisclosed ransom to hackers in order to retain patient data that may have been compromised in a recent cyberattack. The attack, which occurred in February, targeted patients of Change Healthcare, a division of United’s Optum.
A UnitedHealth representative told CNBC, “This attack was conducted by malicious threat actors, and we continue to work with law enforcement and multiple leading cyber security firms during our investigation. A ransom was paid as part of the company’s commitment to do all it could to protect patient data from disclosure.”
The hacked files contained protected health information and personally identifiable information for a significant number of individuals in America, although the exact number of affected patients was not disclosed. Fortunately, there is no evidence that the data was exfiltrated for malicious use, and medical records do not appear to be part of the compromised data set.
UnitedHealth CEO Andrew Witty stated, “We know this attack has caused concern and been disruptive for consumers and providers, and we are committed to doing everything possible to help and provide support to anyone who may need it.” The company estimates that it will take several months to determine the specific individuals impacted by the breach.
In response to the cyberattack, UnitedHealth is offering two years of free access to a dedicated call center for credit monitoring and identity theft protection to those affected. The company is also working closely with law enforcement and regulators to provide appropriate notifications as more information becomes available.