
UnitedHealth paid ransom to bad actors, says patient data compromised in Change Healthcare cyberattack – NBC 5 Dallas-Fort Worth

  • UnitedHealth Group said Monday it has paid ransoms to cyber threat actors in an effort to protect patient data.
  • The company announced in February that its subsidiary Change Healthcare was the victim of a cyber attack.
  • The impact of the breach has been felt across the healthcare industry, as many doctors were left without a way to fill prescriptions or get paid for their services.

UnitedHealth Group said Monday it has paid ransoms to cyber threat actors in an effort to protect patient data, following February’s cyberattack on its subsidiary Change Healthcare. The company also confirmed that files containing personal information were compromised in the breach.

“This attack was carried out by malicious threat actors, and we continue to work with law enforcement agencies and multiple leading cybersecurity companies as we conduct our investigation,” UnitedHealth told CNBC in a statement. “A ransom was paid as part of the company’s commitment to do everything it could to protect patient data from disclosure.”

The company did not specify the amount of the ransom payment.

UnitedHealth, which has more than 152 million customers, said it also determined that cyber threat actors accessed files containing protected health information and personally identifiable information, according to a news release Monday. The files “may cover a substantial portion of people in America,” the release said.

Change Healthcare offers payment and revenue cycle management tools. The company facilitates more than 15 billion transactions annually, and one in three patient records passes through its systems. This means that even patients who are not UnitedHealth customers could have been affected by the attack.

UnitedHealth said in the release that 22 screenshots, allegedly of the compromised files, were uploaded to the dark web. The company said no other details have been published and that it has seen no evidence that doctors’ records or full medical histories were accessed in the breach.

“We know this attack has caused concern and been disruptive for consumers and providers, and we are committed to doing everything we can to help and provide support to everyone who needs it,” said Andrew Witty, CEO of UnitedHealth.

UnitedHealth said concerned patients can visit a special website to access resources. The company has launched a call center that offers free identity theft protection and credit monitoring for two years, the release said.

The call center will not be able to provide details on how any individual's data was affected, given the “ongoing nature and complexity of data review,” UnitedHealth said.