UnitedHealth says ‘substantial’ amount of data could have been taken in cyberattack

Emily Baude KSTP

On Monday, UnitedHealth Group provided an update on the Change Healthcare cyberattack that may have exposed data belonging to “a substantial proportion of people in America” earlier this year.

The hackers appear to have taken files containing “protected health information” and “personally identifiable information.” However, UnitedHealth says Change Healthcare has not seen evidence that doctor’s charts or full medical histories were taken amongst the data.

“We know this attack has caused concern and been disruptive for consumers and providers and we are committed to doing everything possible to help and provide support to anyone who may need it,” said Andrew Witty, chief executive officer of UnitedHealth Group.

The Minnetonka-based company is expecting the process of notifying impacted customers to take several more months.

During that time, Change Healthcare has set up a webpage to provide customers with resources to protect their data.

Data recovered in the breach appears to have mostly not made its way to the dark web, according to a spokesperson for UnitedHealth.

So far, 22 screenshots allegedly taken from exfiltrated files have been posted on the dark web for about a week, although no other data publications are known at this time.

UnitedHealth said in February that a ransomware group had gained access to some of the systems of its Change Healthcare business, which provides technology for submitting and processing insurance claims.

The attack disrupted payment and claims processing around the country, stressing doctor’s offices and health care systems.

Federal civil rights investigators are already looking into whether protected health information was exposed in the attack.

UnitedHealth said Monday that it was still restoring services disrupted by the attack. It has been focused first on restoring those that affect patient access to care or medication.

Despite the data breach decimating pharmacy’s ability to provide medication, most pharmacy services are back to near-normal levels, said a spokesperson for UnitedHealth.

RELATED: Hackers claim Minnesota-based UnitedHealth Group paid $22M ransom for patient, employee data, reports say

RELATED: Cyberattack costs hit UnitedHealth in 1Q that still turns out better than expected

The Associated Press contributed to this report.