UnitedHealth has officially confirmed that a significant number of Americans had their health data stolen after its subsidiary, Change Healthcare, suffered a ransomware attack earlier this year.
According to the health insurance giant's statement, based on its initial targeted data sampling, the company has discovered files containing personally identifiable information (PII) or protected health information (PHI), which may include a sizable section of the US population.
(Photo: Clint Patterson from Unsplash) Last week, Prudential Financial suffered a cyberattack and learned that the hackers compromised its systems one day earlier. The investigation into the data theft incident is currently ongoing.
The business has not yet discovered any indications that materials like complete medical histories or doctor's files were leaked among the data.
UnitedHealth states that it will probably take several months of ongoing study due to the nature and complexity of the data examination before sufficient information is available to identify and notify impacted customers and people.
Instead of waiting until the end of the data review, the company is instantly offering support and strong security as it continues to engage with top industry experts to assess the data implicated in this cyberattack.
Read Also Frontier Communications Suffers Cyber Breach by Unknown Cybercrime Group
UnitedHealth's Cyber Support
People can reportedly go to a specific website for additional data and information about these resources. For two years, anyone affected by identity theft can receive free credit monitoring and protection from identity thieves from a dedicated call center. Trained clinicians will also be on staff at the call center to offer support services.
At this point, the call center cannot disclose any information regarding the impact of any individual data due to the continuous nature and intricate nature of the data assessment.
Threat Actors Behind the Breach
The statement, according to Tech Crunch, comes a week after a new hacker group started releasing some of the stolen data to pressure the corporation into paying another ransom; the company finally acknowledged that hackers had stolen health information from Americans.
Using the name RansomHub, the group released multiple files on their dark web leak website that included patient personal information from various papers, some of which were internal Change Healthcare data. If Change Healthcare does not pay a ransom, RansomHub threatens to sell the stolen data.
The second group to demand a ransom payment from Change Healthcare is called RansomHub. The health tech firm allegedly paid $22 million in March to the criminal group ALPHV, which was based in Russia. After that, the group vanished, leaving the affiliate responsible for the data theft without receiving ransom money.
Some of the biggest pharmacies in the nation reportedly saw delays in their prescription services following the cyber intrusion.
At the time, a family-run pharmacy, two military pharmacies in the Midwest and California, and others said they could not fill prescriptions because of network outages that impacted national healthcare providers.
Related Article: Apple Store Online Third-Party Pick-Up Scam, Exposed by Cybersecurity Professionals
(Photo: Tech Times)