Topics
Latest
AI
Amazon
Image Credits:Patrick Sison / AP
Apps
Biotech & Health
Climate
Image Credits:Patrick Sison / AP
Cloud Computing
Commerce
Crypto
UnitedHealth CEO Andrew Witty testifies before the Senate Finance committee on Capitol Hill on May 1, 2024, in Washington, DC.Image Credits:Kent Nishimura / Getty Images
Enterprise
EVs
Fintech
fund-raise
gismo
gage
Government & Policy
ironware
Layoffs
Media & Entertainment
Meta
Microsoft
Privacy
Robotics
Security
Social
Space
startup
TikTok
Transportation
Venture
More from TechCrunch
event
Startup Battlefield
StrictlyVC
Podcasts
Videos
Partner Content
TechCrunch Brand Studio
Crunchboard
touch Us
More than 100 million individuals had their individual wellness info steal during the ransomware attack on Change Healthcare in February , a cyberattack that caused months of unprecedented outage and widespread hurly burly across the U.S. health care sphere .
This is the first sentence that UnitedHealth Group ( UHG ) , the U.S. health insurance provider that owns the health tech party , has put a number of dissemble person to the data point rift , after previously say it forebode the breach to admit datum on a “ substantial proportion of hoi polloi in America . ”
The U.S. Department of Health and Human Servicesfirst report the updated numberon its data go against portal on Thursday .
UHG spokesperson Tyler Mason say in a abbreviated statement : “ We continue to notify potentially impacted individuals as quickly as possible , on a rolled base , ease up the mass and complexity of the data point necessitate and the investigation is still in its final stages . ”
Theransomware attackand information breach at Change Healthcare suffer as the magnanimous known digital theft of U.S. medical record , andone of the big data rupture in livelihood history . The ramifications for the millions of Americans whose secret medical selective information was irretrievably steal are likely to be life lasting .
UHG began notifying touched individuals in late July , which go on through October .
The steal information varies by someone , but Changepreviously confirm that it includes personal information , such as names and computer address , day of the month of birth , telephone numbers and electronic mail address , and government identity text file , including Social Security numbers , gadget driver ’s permit figure , and pass numbers . The stolen health data point include diagnoses , medications , trial run results , imaging and aid and treatment design , and health insurance entropy — as well as fiscal and banking information found in claims and defrayal data taken by the felon .
Change Healthcare is one of the largest animal trainer of health , aesculapian data point , and patient record , as it processes patient insurance and billing across the U.S. healthcare sector , include G of hospital , apothecary’s shop , and medical practices . As such , Change handles huge amounts of health and aesculapian - relate information onaround a third of all Americans , the ship’s company ’s chief administrator Andrew Witty told lawmakers in May .
The cyberattackbecame populace on February 21when Change Healthcare pulled much of its internet offline to bear the intruders , causing immediate outages across the U.S. healthcare sector that relied on Change for handling affected role indemnity and billing .
UHG attributedthe cyberattack to ALPHV / BlackCat , a Russian - speaking ransomware and extortion mob , which after took reference for the cyberattack .
The ransomware gang ’s leaders later vanished after absconding with a $ 22 million ransom money paid by the wellness insurance giant , stiffing the mathematical group ’s declarer who carried out the hacking of Change Healthcare out of their new fiscal windfall . The contractors took the data they stole from Change Healthcare and form a new radical , which extorted a second ransom from UHG , while publishing aportion of the stolen files online in the cognitive operation to prove their threat .
There is no evidence that the cybercriminals afterwards deleted the data . Other extortion gang , including LockBit , have been shown to accumulate stolen data , even after the victim ante up and the criminals claim to have deleted the information .
In paying the ransom money , Changeobtained a written matter of the stolen dataset , allow the company to identify and apprize the affected individuals whose information was found in the data point .
exertion by the U.S. political science to catch the hacker behind ALPHV / BlackCat , one of the most fertile ransomware gangs today , have so far failed . The gangbounced back follow a takedown operation in 2023to seize the crowd ’s dark web leakage site .
month after the Change Healthcare breach , theU.S. State Department upped its advantage for informationon the whereabouts of the ALPHV / BlackCat cybercriminals to $ 10 million .
Corporate consolidation and poor security blamed for data breach
component part of Change Healthcare ’s meshwork remain offline as the company keep on to recover from the February cyberattack . Lawmakers are also investigating the breach and the effect on the millions of Americans whose health data was irreversibly steal .
During a House listening into the cyberattack in April , UnitedHealth ’s CEO Witty confirmed that the cybercriminals broke into one of its employee systems usingstolen certificate that were not protect with multi - factor authentication(MFA ) , a protection feature that can assist to protect against the misuse of password theft .
By gaining access code to a critical national scheme using only a steal word , the ransomware ring was able to get through other parts of Change Healthcare ’s meshwork and deploy ransomware .
It ’s ill-defined why the system was not protected with MFA , but this will likely remain a key part of the on-going investigations by lawmakers and the government . Witty assure lawmakers that the organization hassince wrap out and now implement MFAfollowing the cyberattack .
Lawmakers homed in on how UHG handles so much datum and generates so much receipts and go at basic cybersecurity .
According to its 2023 full - year earnings report , UHG made $ 22 billion in net on revenues of $ 371 billion . Witty made $ 23.5 million in executive compensation the same twelvemonth .
While the want of MFA was abused in this case , the sheer size and wealth of highly sensitive data point that Change Healthcare hoard and store made it a object in itself , lawmakers said .
Change Healthcare merged with U.S. healthcare provider Optum in 2022 as part of a $ 7.8 billion deal by UnitedHealth Group . The deal brought the two healthcare giants under UHG and allowed Optum , which owns physician groups and provide tech and datum to insurance ship’s company and healthcare avail , wide entree to patient records handled by Change .
UnitedHealth Group collectively provides over 53 million U.S. customers with benefit plans and another 5 million outside of the United States , according toits latest full - class earnings composition . Optum serves about 103 million U.S. customer .
The deal faced scrutiny by U.S. federal antimonopoly authorization , whosued to blockade UHG from buying Change Healthcare and merging it with Optum , argue that UnitedHealth would get an unfair competitive reward by gaining access to “ about half of all Americans ’ health insurance policy claims authorize each year . ” A judge at long last approved the deal .
The Justice Department reportedly begancranking up its investigation into UHGand its likely anticompetitive practices in the calendar month prior to the Change Healthcare plug .
update with UHG comment .
Read more :
