April 23, 2024 at 08:38AM
UnitedHealth Group, the parent company of Change Healthcare, reported finding protected health information and personally identifiable information following a ransomware attack in February. The attack impacted hospitals and pharmacies using UnitedHealth’s services. It could take several months to complete the analysis of the data and identify affected individuals. The attack cost the company $870 million in Q1.
Here are the takeaways from the meeting notes:
– UnitedHealth Group, the parent company of Change Healthcare, suffered a ransomware attack impacting a significant amount of protected health information and personally identifiable information of individuals in the United States.
– Although there is no evidence of exfiltration of materials such as doctors’ charts or full medical histories, the breach did impact hospitals and pharmacies that use UnitedHealth’s services across the US.
– The company estimates that it will take several months to identify and notify impacted customers and individuals, indicating the complexity of the data review process.
– ALPHV, a criminal group, claimed responsibility for the breach, which was facilitated by pilfered credentials for a tech system allowing remote access to Change Healthcare’s network.
– UnitedHealth paid a ransom of around $22 million to protect patient data from disclosure.
– Another criminal group, RansomHub, released personal patient data from the hack and demanded a ransom to stop further leaks, which UnitedHealth and its cyber specialists are monitoring on the dark web.
– The financial impact of the ransomware attack is estimated to be around $870 million for the first quarter of the year and could reach $1.6 billion for the entire year.
Please let me know if you need more information or have any further questions.