UnitedHealth Group Inc. has revealed that files containing personal information for a significant number of Americans may have been compromised in a cyberattack on its Change Healthcare business earlier this year. The company stated that there is no evidence of doctor charts or full medical histories being released, but it may take months to identify and notify those affected.
Screenshots with protected health information were reportedly posted online on the dark web for a week, although standard browsers cannot access this information. UnitedHealth is closely monitoring the situation and has not seen any additional file publications. They have set up a website and call center to address questions, but specifics on individual data impact are not yet available.
In response to the attack, UnitedHealth is offering free credit monitoring and identity theft protection to those affected. The company acquired Change Healthcare in an $8 billion deal in 2022, overcoming regulatory challenges. The ransomware attack disrupted payment and claims processing nationwide, prompting federal investigators to look into potential exposure of protected health information.
UnitedHealth is still working to restore services affected by the attack, prioritizing patient access to care and medication. Pharmacy services and medical claims are nearly back to normal levels, with payment processing at 86% of pre-attack levels. The company has provided over $6 billion in funding and loans to affected healthcare providers, but anticipates a financial impact of over $1.5 billion for the year. UnitedHealth’s stock price dipped slightly following the news.