UnitedHealth confirms ransom was paid to hackers in February cybersecurity attack

UnitedHealth Group paid hackers a ransom this year to protect patient data, a spokesperson for the company confirmed to 5 EYEWITNESS NEWS on Thursday.

On Feb. 21, the Minnetonka-based health consultant said it had been the victim of a ransomware attack, and a group of hackers claimed to have stolen at least six terabytes of data from the health insurer and Change Healthcare.

RELATED: Hackers claim Minnesota-based UnitedHealth Group paid $22M ransom for patient, employee data, reports say

The attack impacted prescription availability, paychecks for medical workers, discharges from hospitals, and billing and care-authorization portals across the country.

UnitedHealth did not say how much was paid to the hackers, although the “ALPHV/Blackcat” internet hacker group had asked for $22 million in exchange for the data back. 

On Monday, UnitedHealth said the hackers appeared to have taken a substantial number of files containing “protected health information” and “personally identifiable information.” However, UnitedHealth says Change Healthcare has not seen evidence that doctor’s charts or full medical histories were taken amongst the data.

RELATED: UnitedHealth says ‘substantial’ amount of data could have been taken in cyberattack

RELATED: Class suit filed against UnitedHealth Group for ransomware attack