The cyberattack on Change Healthcare in February targeted the data of “a substantial proportion of people in America,” UnitedHealth Group (UHG) said this week, with the company confirming that it paid a ransom in an effort to protect users’ information. patients.
“Based on the initial sampling of targeted data to date, the company has found files containing protected health information (PHI) or personally identifiable information (PII), which could cover a substantial proportion of people in America,” UHG said in an announcement. to update on Monday about the attack on its subsidiary.
“To date, the company has not seen evidence of exfiltration of materials such as medical records or complete medical histories among the data.”
Due to the scope of the attack, UHG said it will likely take “several months” to identify and notify customers who were affected. The company launched a website where customers can get information and has created call centers to offer “free credit monitoring and identity theft protection for two years” to affected individuals.
He further shared that 22 screenshots purportedly of files taken from Change were posted for about a week on the dark web by a “malicious threat actor.” These files contained protected health information and personally identifiable information.
“We know this attack has caused concern and been disruptive to consumers and suppliers, and we are committed to doing everything we can to help and provide support to anyone who may need it,” UHG CEO Andrew Witty said in a statement.
Witty is scheduled to testify before the House Energy and Commerce Oversight and Investigations Subcommittee on May 1.
A UHG spokesperson also confirmed to The Hill that a ransom payment had been made, saying, “A ransom was paid as part of the company’s commitment to do everything it could to protect patient data from disclosure.”
Change is one of the leading insurance processing companies in the US. U.S. UHG’s ownership of Change, which the Justice Department tried to block, has reignited concerns about vertical integration and the risks involved in individual companies running large swaths of the healthcare sector. The DOJ reportedly launched an antitrust investigation at UHG earlier this year.
Federal Trade Commission Chair Lina Khan commented on the Change cyberattack when speaking to reporters on Tuesday.
“It’s fair to say that we’ve seen ways in which consolidation and concentration of data can create more vulnerabilities, right. Because if there is a hack, there are more things that can be exposed. And so we see some of these interconnections,” Khan said.
“One of the main solutions we have been advocating is this concept of data minimization. So the idea that you should really minimize the data that you are collecting or storing in the first place.”
Copyright 2024 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
This story originally appeared on thehill.com read the full story
