Changing health care The company confirmed a ransomware attack in February on its systems, causing widespread disruption of the US healthcare system for weeks and leading to the theft of medical records that affected “a large percentage of people in America.”
in Thursday statementChange Healthcare said it has begun the process of notifying affected individuals whose information was stolen during the cyberattack.
The health technology giant, owned by US insurance group UnitedHealth Group, processes patient insurance and billing for thousands of hospitals, pharmacies and medical practices across the US healthcare sector. As such, the company has access to vast amounts of health information about About a third of all Americans.
Cyber attack Which prompted the company to shut down its systemsResulting in service interruptions and delays for thousands of healthcare providers who depend on the change, and impacting countless patients who were unable to obtain prescriptions or had medical care or procedures delayed.
The Change Organization said in its latest statement that it “cannot confirm exactly” what data was stolen about each individual, and that the information may vary from person to person.
Affected information includes personal information, such as names, addresses, dates of birth, phone numbers, and email addresses, as well as government identification documents, such as Social Security numbers, driver’s licenses, and passport numbers.
The data also includes medical records and health information, such as diagnoses, medications, test results, medications, imaging, and care and treatment plans, Cheng said. The hackers stole health insurance information, including plan and policy details, as well as billing, claims and payment information, which Cheng said included financial and banking information.
Change said it was still in the “late stages” of its review of the stolen data to determine what was taken, and that it was possible to identify more affected individuals. The company said some of the stolen information may relate to guarantors who paid someone else’s health care bills.
The company added that affected individuals should receive notification by mail starting in late July.
The ransomware attack on Change Healthcare is one of the largest known digital thefts of US medical records ever. While the full impact of this data breach remains unclear, the consequences for millions of Americans whose private medical information was irreversibly compromised are likely incalculable.
Change said it obtained a copy of the stolen data set in March to review to identify and notify affected individuals, which… The previous TechCrunch report was obtained in exchange for a ransom payment.
UnitedHealth confirmed it had paid at least one ransom demand to the cybercriminal group behind the ransomware attack, known as ALPHV, in an attempt to prevent the publication of stolen files. Another hacking group called RansomHub demanded additional payment from UnitedHealth after it claimed that ALPHV paid the initial ransom but left the stolen data with one of its affiliates — essentially a contractor — that broke in and spread the ransomware on Change’s systems.
RansomHub She subsequently posted several files on her dark web leak site They threatened to sell the data to the highest bidder if no further ransom was paid.
According to UnitedHealth CEO Andrew Witty, hackers broke into the Change Healthcare network using a set of stolen credentials for an internal system that was… Not protected by multi-factor authenticationa security feature that makes it difficult for malicious hackers to misuse stolen passwords.
The ransomware attack cost UnitedHealth about $870 million in the first three months of the year, as the company generated $100 billion in revenue, according to the company’s earnings report. UnitedHealth is expected to report its latest earnings in mid-July.