UnitedHealth Group has completed more than 90% of its review of the data accessed and stolen by ransomware hackers earlier this year, finding “no evidence” that materials such as doctors’ charts or full medical histories were exfiltrated from its systems.
In an advisory on Thursday, the healthcare giant provided its first breach notification to those who may have been affected by the attack on Change Healthcare, which paralyzed the medical industry for weeks due to the company’s pivotal role in the processing of payments and prescriptions.
In April, Change Healthcare confirmed the hackers accessed data that covers “a substantial proportion of people in America.”
While the company is still determining the full extent of the breach, so far they have confirmed that names, addresses, dates of birth, phone numbers, and email addresses were leaked. The attackers also likely accessed some combination of:
The federal government said two weeks ago that it will allow Change Healthcare to send data breach notifications to victims on behalf of the company’s customers — which include thousands of hospitals, pharmacies, health clinics and doctors’ offices.
Current and former Change Healthcare customers can use the public data breach notice posted online to “proactively notify their individuals of the incident now while the data review remains ongoing and share how individuals can reach out to CHC if they have questions.”
The attack on Change Healthcare is one of the largest ransomware events to ever hit the healthcare industry and sparked outrage as millions of U.S. residents struggled to get medications.
Sen. Ron Wyden (D-OR) said last month that UnitedHealth’s senior executives and board of directors “must be held accountable” for a cascade of reckless decisions — most notably having a chief information security officer who had not worked in a full-time cybersecurity role before he was elevated to the job in June 2023.
The attack has also reignited efforts to better regulate the healthcare industry after UnitedHealth Group’s CEO admitted the entire attack was traced back to a remote access server that was not protected with multifactor authentication (MFA). MFA policies were waived for servers running older software, the company admitted in Congressional hearings.
Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.