The UnitedHealth Group has confirmed that it paid a ransom to cybercriminals to protect sensitive data stolen during the Optum ransomware attack in late February.
The attack led to an outage that impacted Change Healthcare payments, affecting a range of critical services used by healthcare providers and pharmacies across the U.S., including payment processing, prescription writing, and insurance claims.
The BlackCat/ALPHV ransomware gang claimed the attack, alleging to have stolen 6TB of sensitive patient data. In early March, BlackCat carried out an exit scam after allegedly getting $22 million in ransom from UnitedHealth.
A week later, the U.S. government launched an investigation into whether health data had been stolen in the ransomware attack at Optum.
By mid-April, the extortion group RansomHub raised the pressure even more on UnitedHealth by starting to leak what they claimed to be corporate and patient data stolen during the attack.
The next day, the company reported that the cyberattack had caused $872 million in financial damages.
Data stolen, ransom paid
In a statement for BleepingComputer, the company confirmed that it paid a ransom to prevent patient data from being sold to cybercriminals or leaked publicly.
“A ransom was paid as part of the company’s commitment to do all it could to protect patient data from disclosure” – UnitedHealth Group
BleepingComputer checked RansomHub’s data leak site and can confirm that the threat actor has removed UnitedHealth from its list of victims.
Yesterday, UnitedHealth posted an update on its website announcing support for people whose data had been exposed by the February ransomware attack, officially confirming the data breach incident.
“Based on initial targeted data sampling to date, the company has found files containing protected health information (PHI) or personally identifiable information (PII), which could cover a substantial proportion of people in America,” reads the announcement.
“To date, the company has not seen evidence of exfiltration of materials such as doctors’ charts or full medical histories among the data,” the company says.
The company reassures patients that only 22 screenshots of stolen files, some containing personally identifiable information, had been posted on the dark web, and that no other data exfiltrated in the attack has been published “at this time.”
The health insurance and services organization promised to send personalized notifications once it completes its investigation into the type of information that has been compromised.
A dedicated call center that will be offering two years of free credit monitoring and identity theft protection services has also been set up as part of the organization’s effort to support those impacted.
Currently, 99% of the impacted services are operational, medical claims flow at near-normal levels, and payment processing stands at approximately 86%.