UnitedHealth Group, the largest health insurer in the U.S., announced Monday that hackers stole health and personal data of potentially a “substantial proportion” of Americans from its systems in February, Reuters is reporting.
The hack targeted UnitedHealth’s subsidiary, Change Healthcare, according to CNBC. Change Healthcare offers payment and revenue cycle management tools, and processes more than 15 billion transactions annually. That means that those who are not customers of UnitedHealth could still be affected by the attack.
The hack led to disruptions in payments to doctors, hospitals and pharmacies.
A statement from the company said the compromised data included files with protected health information or personally identifiable information “which could cover a substantial proportion of people in America.”
UnitedHealthcare paid a ransom to the hackers, it acknowledged, but the information was stolen anyway.
“A ransom was paid as part of the company’s commitment to do all it could to protect patient data from disclosure,” UnitedHealth Chief Executive Andrew Witty told CNBC on Monday.
Witty would not say how much ransom was paid.
“This attack was conducted by malicious threat actors, and we continue to work with law enforcement and multiple leading cybersecurity firms during our investigation,” according to a statement from the company.
According to the company, it is not believed that doctors’ charts or full medical histories of individuals were stolen. It said is monitoring online forums and the dark web where hackers tend to leak or trade such data packets, the statement read.
A hacker group that did not take UnitedHealth’s material posted 22 screenshots of customer information on the dark web for about a week, according to CNBC.
That group, which calls itself Ransomhub, told Reuters earlier that a disgruntled affiliate of Blackcat – the group believed to have hacked Change Healthcare – had given it the data.
Soon after the hack in February, Blackcat said on its website it had stolen 8 terabytes of sensitive records from Change Healthcare, but later deleted the statement, according to Reuters.
“We know this attack has caused concern and been disruptive for consumers and providers and we are committed to doing everything possible to help and provide support to anyone who may need it,” UnitedHealth CEO Witty said in the company post.
The company posted a website where customers can go to follow its progress on protecting the compromised information.
A dedicated call center has also been established to offer free credit monitoring and identity theft protections for two years to anyone impacted. The call center can be reached at 1-866-262-5342 and further details can be found on the website.