April 23, 2024 at 10:13AM
UnitedHealth Group confirmed a ransomware attack in February, exposing PII and PHI of many Americans. Despite paying a $22 million ransom, the attacker released data. UnitedHealth reported partial functionality restoration and incurred $872 million in costs. $6 billion was allocated for impacted healthcare providers. Investigation and notifications to affected individuals continue.
From the meeting notes, it appears that Change Healthcare, a subsidiary of UnitedHealth Group, has experienced a significant ransomware attack resulting in the theft of personally identifiable information (PII) and protected health information (PHI). The breach has impacted a substantial proportion of people in the US. The attackers, reportedly the Alphv/BlackCat ransomware affiliate, claim to have stolen roughly 4Tb of data and carried out an exit scam after UnitedHealth paid a $22 million ransom. Following this, the attackers threatened to release the stolen data unless a new ransom was paid, and as reported by CNBC, a new ransom was indeed paid.
At present, UnitedHealth has confirmed that there is no evidence of full medical histories being compromised, and efforts to restore Change Healthcare’s functionality are underway, with some services already operating at near-normal levels.
Additionally, as part of its first quarter 2024 earnings results, UnitedHealth Group disclosed that the ransomware attack has incurred costs of $872 million, with potential costs expected to reach $1.6 billion by the end of the year. The company has also provided over $6 billion in advance funding to support impacted healthcare providers.
Comprehensive data analysis is ongoing, and despite the restoration efforts, it may take several months before the full scope of the incident is understood and impacted individuals are identified and notified.
I hope this summary accurately captures the key takeaways from the meeting notes. Please let me know if there is anything else you would like to add or modify.