UnitedHealth Group: Patient data compromised despite paying ransomware

UnitedHealth Group officials on Monday announced a February cyberattack compromised an unknown number of Change Healthcare customers despite paying a ransom. Photo by Justin Lane/EPA-EFE

April 23 (UPI) -- Officials for Minnesota-based UnitedHealth Group on Monday said the health insurance and services provider paid a ransom to protect patients' data, but many personal files were breached in a recent cyberattack.

Cyber criminals targeted subsidiary Change Healthcare in February, and UnitedHealth Group paid an undisclosed ransom amount, corporate officials announced in a news release Monday.

The cyberattack compromised the personal healthcare data of many Americans, NBC News and TechCrunch reported.

"We know this attack has caused concern and been disruptive for consumers and providers," UnitedHealth Group CEO Andrew Witty said. "We are committed to doing everything possible to help and provide support to anyone who may need it."

Witty said it will take several months for UnitedHealth Group to continually analyze the data breach to identify those whose personal data was compromised and notify them.

The analysis includes monitoring the dark web and Internet to see if anyone's breached data was published. It also is utilizing information from 22 screenshots of alleged personal health and identity information that were published for about a week on the dark web by a "malicious actor," UnitedHealth Group officials said.

Corporate officials are communicating with law enforcement while undertaking the extended analysis to determine the full extent of data breached by the cyberattack.

UnitedHealth Group officials said the corporation "has made continued strong progress restoring services impacted by the event" and "prioritized the restoration of services that impact patient access to care or medication."

Medical claims processing and pharmacy services are nearly at normal levels, and payment processing for Change Healthcare is at about 86% of its normal levels and improving daily, UnitedHealth Group officials said.

The healthcare provider in February identified the BlackCat ransomware gang as the perpetrators of the cyberattack.

Investigators with the Department of Health and Human Services in March began investigating the cyberattack.