Class suit filed against UnitedHealth Group for ransomware attack

UnitedHealth Group is facing a class action lawsuit after hackers say they stole a significant amount of data during a February ransomware cyberattack.

The Minnetonka-based health insurer is comprised of Change Healthcare, Optum, UnitedHealthcare and UnitedHealth Group.

According to the class action complaint, UnitedHealth Group is one of the country’s biggest prescription medicine processors, billing over 67,000 pharmacies nationwide and facilitating 15 billion healthcare transactions annually.

The plaintiff says UnitedHealth Group should and could have taken more measures to ensure patient confidentiality and prevent cyberattacks.

The cyberattack

On Feb. 21, UnitedHealth Group said it had been the victim of a ransomware attack, and a group of hackers claimed to have stolen at least six terabytes of data from the health insurer. The attack impacted prescription availability, paychecks for medical workers, discharges from hospitals, and billing and care-authorization portals across the country.

UnitedHealth Group confirmed that the ransomware group ALPHV, or Blackcat, was responsible for the data breach.

Blackcat later took responsibility for the attack and claimed UnitedHealth Group had paid $22 million to get its data back.

While UnitedHealth Group has not confirmed that it paid a ransom to get its data back, 5 EYEWITNESS NEWS previously spoke to cybersecurity expert Scott Spiro, who said, “The smoking gun, so to speak, was a publicly visible $22 million transaction on Bitcoin’s blockchain.”

The cyberattack caused significant disruptions for patients needing prescriptions filled and verifying insurance coverage.

Earlier this month, a health analytics firm, First Health Advisory, estimated the cyberattack had cost health care providers more than $100 million per day so far.

According to the Department of Justice, Blackcat’s method of hacking typically involves stealing victims’ data before encrypting the network and servers, rendering them inaccessible. Blackcat then demands a ransom in exchange for the decryption keys.

The Department of Justice added that the information often makes its way onto the dark web, even if the ransom is paid.

Class action lawsuit

On Wednesday, a class action complaint was filed in federal court against UnitedHealth Group.

The lawsuit, filed on behalf of a Texas woman, says that since the breach, the plaintiff has spent “considerable” time and effort investigating the breach and checking her financial and medical records to ensure there was no unauthorized activity.

The lawsuit also alleges that UnitedHealth Group’s cybersecurity practices and policies were insufficient, did not meet industry-standard measures, and did not protect the class action members.

It goes on to say that, as one of the largest health care providers in the world, UnitedHealth could and should have implemented practices to detect and prevent cyberattacks.

The plaintiff and members of the class action are seeking compensatory damages and injunctive relief for negligence, negligence per se, breach of implied contract, and unjust enrichment by UnitedHealth Group.

The class action also seeks to have UnitedHealth remediate its cybersecurity policies and procedures in order to prevent a future attack.

5 EYEWITNESS NEWS reached out to UnitedHealth Group for a response and a spokesperson replied, “We are focused on the investigation and recovery of Change Healthcare’s operations.”

On Wednesday, the Office for Civil Rights announced that it is investigating whether Change Healthcare followed protocol and laws protecting patient privacy.

The investigation was spurred by the “unprecedented magnitude” of the attack, Office for Civil Rights Director Melanie Fontes Rainer said in a letter.

Change Healthcare said Wednesday that all of its major pharmacy and payment systems were back online. Last week, the company said it expects to start reestablishing connections to its claims network and software on March 18.

The Associated Press contributed to this story.