Goad News

UnitedHealth paid ransom after massive Change Healthcare cyberattack

Cybercriminals based in Russia who attacked an establishment belonging to the UnitedHealth group in February, the company did not leave empty-handed.

“A ransom was paid as part of the company’s commitment to do everything it could to protect patient data from disclosure,” a UnitedHealth Group spokesperson confirmed to CBS News Monday evening .

The spokesperson did not reveal how much the healthcare giant paid after the cyberattack. who stopped operations in hospitals and pharmacies for more than a week. Multiple media sources reported that UnitedHealth paid $22 million in bitcoin.

“We know this attack has caused concern and disruption to consumers and providers and we are committed to doing everything we can to help and provide support to anyone who may need it,” said Andrew Witty, CEO of ‘UnitedHealth, in a statement Monday.

UnitedHealth blamed the breach on a Russian ransomware gang known as ALPHV or BlackCat. The group itself claimed responsibility for the attack, alleging that it stole more than six terabytes of data, including “sensitive” medical records, from Change Healthcare, which processes health insurance claims from patients who visited hospitals, medical centers or pharmacies.

Doctor describes devastating effects of UnitedHealth cyberattack


The scale of the attack — Change Healthcare processes 15 billion transactions a year, according to the American Hospital Association — meant that even patients who weren’t UnitedHealth customers were potentially affected. The attack has already cost UnitedHealth Group nearly $900 millioncompany officials said when it released first-quarter results last week.

Ransomware attacks, which involve disable a target’s computer systems, have become increasingly common in the healthcare industry. The annual number of ransomware attacks against hospitals and other providers doubled between 2016 and 2021, according to a 2022 study published in JAMA Health Forum.

The Change Healthcare incident was “a direct attack on the U.S. healthcare system and designed to create maximum damage,” Witty told analysts on an earnings conference call last week. Ultimately, the cyberattack is expected to cost UnitedHealth between $1.3 billion and $1.6 billion this year, the company forecast in its earnings report.

Exit mobile version