UnitedHealth has confirmed for the first time what types of medical and patient data were stolen in the massive Change Healthcare ransomware attack, stating that data breach notifications will be mailed in July.
On Thursday, the company published a data breach notification warning that the ransomware attack exposed a “substantial quantity of data” for a “substantial proportion of people in America.”
While UnitedHealth has not explicitly shared how many people were affected, UnitedHealth CEO Andrew Witty said during a congressional hearing that “maybe a third” of all Americans’ health data was exposed in the attack.
According to the data breach notification, a huge trove of sensitive information was stolen, including:
- Health insurance information (such as primary, secondary or other health plans/policies, insurance companies, member/group ID numbers, and Medicaid-Medicare-government payor ID numbers);
- Health information (such as medical record numbers, providers, diagnoses, medicines, test results, images, care and treatment);
- Billing, claims and payment information (such as claim numbers, account numbers, billing codes, payment cards, financial and banking information, payments made, and balance due); and/or
- Other personal information such as Social Security numbers, driver’s licenses or state ID numbers, or passport numbers.
However, Change Healthcare says that the exposed data may be different for each impacted individual and that patients’ full medical histories have not been seen in the stolen data.
“CHC is posting this substitute notice to provide customers and individuals with information about the criminal cyberattack on CHC systems and to share resources available to people who believe their personal data potentially being impacted,” reads the Change Healthcare data breach notification.
“The review of personal information potentially involved in this incident is in its late stages. CHC is providing this notice now to help individuals understand what happened, let them know that their information may have been impacted, and give them information on steps they can take to protect their privacy, including enrolling in two years of complimentary credit monitoring and identity theft protection services if they believe that their information may have been impacted.”
The company says it will begin mailing patients a formal data breach notification letter in late July but may not have mailing addresses for all those impacted.
In the meantime, those who are impacted can visit changecybersupport.com for more information on how to enroll in free credit monitoring and how the stolen data could be used in fraudulent activity.
The Change Healthcare ransomware attack
The data breach notifications are for a February ransomware attack on UnitedHealth subsidiary Change Healthcare, when attackers stole 6 TB of data from the company.
The attack led to widespread outages in the US healthcare system, preventing doctors and pharmacies from submitting claims. The disruption was particularly noticeable in pharmacies, which could not process any insurance claims or accept discount prescription cards, causing some patients to pay full price to receive medicines.
The BlackCat (aka ALPHV) ransomware gang carried out the attack, using stolen credentials to log into the company’s Citrix remote access service, which did not have multi-factor authentication enabled.
UnitedHealth admitted to paying a ransom demand, allegedly $22 million, to the ransomware gang, which was supposed to be split with an affiliate who carried out the attack. However, the BlackCat operation instead shut down, stealing the entire payment for themselves.
The angry affiliate announced they still had Change Healthcare’s data and did not delete it as promised. They then began leaking some of the stolen data on the RansomHub data leak site, demanding an additional payment for the data not to be released.
The entry for Change Healthcare mysteriously soon disappeared from the RansomHub site, indicating that United Health paid a second ransom demand.
United Health says that the Change Healthcare ransomware attack has caused $872 million in losses as of April, which will likely increase once all investigations and remediations have been completed.