UnitedHealth has confirmed for the primary time what sorts of medical and affected person knowledge have been stolen within the huge Change Healthcare ransomware assault, stating that data breach notifications will probably be mailed in July.
On Thursday, the corporate printed a data breach notification warning that the ransomware assault uncovered a “substantial amount of knowledge” for a “substantial proportion of individuals in America.”
Whereas UnitedHealth has not explicitly shared how many individuals have been affected, UnitedHealth CEO Andrew Witty acknowledged throughout a congressional listening to that “perhaps a 3rd” of all American’s well being knowledge was uncovered within the assault.
In accordance with the data breach notification, an enormous trove of delicate data was stolen, together with:
- Medical insurance data (corresponding to major, secondary or different well being plans/insurance policies, insurance coverage corporations, member/group ID numbers, and Medicaid-Medicare-government payor ID numbers);
- Well being data (corresponding to medical report numbers, suppliers, diagnoses, medicines, take a look at outcomes, pictures, care and therapy);
- Billing, claims and cost data (corresponding to declare numbers, account numbers, billing codes, cost playing cards, monetary and banking data, funds made, and steadiness due); and/or
- Different private data corresponding to Social Safety numbers, driver’s licenses or state ID numbers, or passport numbers.
Nonetheless, Change Healthcare says that the uncovered knowledge could also be totally different for every impacted particular person and that sufferers’ full medical histories haven’t been seen within the stolen knowledge.
“CHC is posting this substitute discover to offer prospects and people with details about the legal cyberattack on CHC programs and to share assets obtainable to individuals who consider their private knowledge doubtlessly being impacted,” reads the Change Healthcare data breach notification.
“The evaluation of non-public data doubtlessly concerned on this incident is in its late phases. CHC is offering this discover now to assist people perceive what occurred, allow them to know that their data could have been impacted, and provides them data on steps they will take to guard their privateness, together with enrolling in two years of complimentary credit score monitoring and identification theft safety providers in the event that they consider that their data could have been impacted.”
The corporate says it would start mailing sufferers a proper data breach notification letter in late July however could not have mailing addresses for all these impacted.
Within the meantime, those that are impacted can go to changecybersupport.com for extra data on how to join free credit score monitoring and the way the stolen knowledge may very well be utilized in fraudulent exercise.
The Change Healthcare ransomware assault
The data breach notifications are for a February ransomware assault on UnitedHealth subsidiary Change Healthcare when attackers stole 6 TB of knowledge from the corporate.
The assault led to widespread outages within the US healthcare system, stopping medical doctors and pharmacies from submitting claims. The disruption was significantly noticeable in pharmacies, which couldn’t course of any insurance coverage claims or settle for low cost prescription playing cards, inflicting some sufferers to pay full value to obtain drugs.
The BlackCat (aka ALPHV) ransomware gang performed the assault, utilizing stolen credentials to log into the corporate’s Citrix distant entry service, which didn’t have multi-factor authentication enabled.
UnitedHealth admitted to paying a ransom demand, allegedly $22 million, to the ransomware gang, which was presupposed to be cut up with an affiliate who performed the assault. Nonetheless, the BlackCat operation as an alternative shut down, stealing all the cost for themselves.
supply: Dmitry Smilyanets
The indignant affiliate introduced they nonetheless had Change Healthcare’s knowledge and didn’t delete it as promised. They then started leaking among the stolen knowledge on the RansomHub knowledge leak website, demanding an extra cost for the info to not be launched.
The entry for Change Healthcare mysteriously quickly disappeared from the RansomHub web site, indicating that United Well being paid a second ransom demand.
United Well being says that the Change Healthcare ransomware assault has prompted $872 million in losses as of April, which is able to seemingly enhance as soon as all investigations and remediations have been accomplished.
