UnitedHealth: Hackers could have stolen Americans’ data

MINNETONKA, Minnesota: This week, UnitedHealth Group, the largest U.S. health insurer, said that hackers stole health and personal data of potentially a "substantial proportion" of Americans from its systems in February.

One of the worst hacks to hit American healthcare, the attack against Change Healthcare unit, which processes some 50 percent of U.S. medical claims, caused widespread disruption in payment to doctors and healthcare facilities.

UnitedHealth stated on its website that an initial review of the compromised data showed files with protected health information or personally identifiable information "which could cover a substantial proportion of people in America."

That theft on February 21 happened despite a ransom payment being made.

This week, UnitedHealth Chief Executive Andrew Witty told CNBC, "A ransom was paid as part of the company’s commitment to do all it could to protect patient data from disclosure."

The company added that while a full analysis of the breached data would take "several months," there is no evidence to suggest that the hackers stole doctors’ charts or complete medical histories of individuals.

AlphV or BlackCat, the cybercriminal gang that conducted the hack, has not responded to requests for comment.

Another hacker group, Ransomhub, posted 22 screenshots on the dark web, some of which contained UntiedHealth customers’ protected healthcare and personal data, the company said, adding it was unaware of any other leaks at this time.

Ransomhub told Reuters that a disgruntled affiliate of Blackcat had given it the data.

Soon after the hack came to light in February, Blackcat said on its website it had stolen eight terabytes of sensitive records from Change Healthcare.

UnitedHealth CEO Witty said, "We know this attack has caused concern and been disruptive for consumers and providers, and we are committed to doing everything possible to help and provide support to anyone who may need it."