UnitedHealth, a company that serves more than 152 million customers, revealed on Monday that cyberthreat actors had accessed files containing protected health information and personally identifiable information. These files have the potential to cover a significant portion of the American population.
Change Healthcare, a company providing payment and revenue cycle management tools, processes over 15 billion transactions each year, with 1 in every 3 patient records passing through their systems. This suggests that individuals who are not customers of UnitedHealth may have also been impacted by the cyberattack.
UnitedHealth mentioned that 22 screenshots allegedly showing compromised files had been uploaded to the dark web. The company emphasized that no other data had been published, and there was no evidence to suggest that doctors’ charts or full medical histories were accessed in the breach. UnitedHealth’s CEO, Andrew Witty, expressed empathy for the concerns and disruptions caused by the attack and assured their commitment to providing support.
The ransom payment amount was not specified by the company. To help affected patients access resources and initiate identity theft protections and credit monitoring for two years, UnitedHealth has set up a dedicated website and initiated a call center. Despite ongoing complexity in data review, the call center will not be able to provide specific details regarding individual data impact.
