Unitedhealth Confirms That 100 Million Users Were Impacted in the February Ransomware Attack

• After months of investigating, UnitedHealth finally accepted that about 100 million users had their data stolen during the February ransomware attack.
• The original victim of the attack was Change Healthcare. However, since UnitedHealth is its client, its users were also affected.
• The Russian group ALPHV/BlackCat claimed responsibility for the attack.

UnitedHealth officially confirms that it has been affected in the February ransomware attack on Change Healthcare and more than 100 million had their personal health data stolen. The number was first updated by the U.S. Department of Health and Human Services on its data breach portal on Thursday.

Stolen data includes personal details such as names, dates of birth, phone numbers, Social Security numbers, passport numbers, and driver's license numbers.

Along with these, health-related information such as diagnosis, test results, treatment plans, test images, and insurance details were also stolen. The breach and its impact have been addressed many times before.

• In May, CEO Andrew Witty said during a congressional hearing that one-third of all American's data might have been compromised in this attack.
• A month later, the company said that a substantial amount" of data for a substantial number of people" had been compromised in the attack. This is the first time that UnitedHealth has put an actual number on it.

UnitedHealth had made a statement in February claiming that around 8 Terabytes of data was stolen. However, it later deleted this statement. The company first started notifying the affected users in July and is continuing to do so even in October.

We continue to notify potentially impacted individuals as quickly as possible, on a rolling basis, given the volume and complexity of the data involved, and the investigation is still in its final stages.' - UHG spokesperson

About the Attack

The original victim of the attack is Change Healthcare - a renowned healthcare technology company that provides multiple services such as payment management, revenue cycle management, and health information exchange solutions. UnitedHealth is one of its clients.

Naturally, due to the nature of its work, it comes across a lot of personal and medical information belonging to the users of its clients. So when it was attacked in February, most of its clients, including UnitedHealth, also had to bear the consequences.

It's hard to say when exactly the attack happened but it was made public on February 21. Russian cybercrime group ALPHV/BlackCat took responsibility for the attack.

The group was paid $22 million in ransom. However, the leader ran away with the money, ditching the contractors who actually carried out the hacking. So the contractors then kept the stolen data and formed a new group which forced the company to pay another ransom.

After the payment was made, Change Healthcare did receive a copy of the data stolen. However, it can't be confirmed whether the group has actually deleted the data. Sometimes, ransomware groups keep the data even after receiving the money.

Change Healthcare is still reeling from the attack. Many of its systems are still offline. Plus, the company is also facing scrutiny from lawmakers for its poor security measures.

Authorities were surprised that the company's cybersecurity measures could be so easily bypassed - it didn't even have multi-factor authentication. The hackers were able to compromise their systems with just a stolen password.

As for the ALPHV/BlackCat group and its leaders, all the efforts of the authorities to nab them have failed so far.

The post Unitedhealth Confirms That 100 Million Users Were Impacted in the February Ransomware Attack appeared first on Techreport.