UnitedHealth data breach may affect "wide range" of areas in the United States

Zhitong
2024.04.23 09:11
portai
I'm PortAI, I can summarize articles.

UnitedHealth may have suffered a serious cyber attack, resulting in a large amount of private information of American customers being leaked. This may be one of the largest healthcare data breaches in history. The leaked sample files contain personal information such as health data, affecting a wide range of American people. The company has taken some measures to protect patient data and has paid a ransom to prevent further leaks. This attack is expected to result in a revenue reduction of up to $1.6 billion for the company this year. UnitedHealth Group is currently assessing the impact and cooperating with relevant agencies to investigate this incident

According to the Zhītōng Finance APP, UnitedHealth Group (UNH.US) recently discovered that in a serious cyber attack in February this year, a large amount of personal information of American customers may have been leaked, potentially constituting one of the largest healthcare data breaches in history. According to a statement released by the company on its website on Monday, the leaked sample documents contained personal information such as health data, affecting a wide range of American people. As of Monday's close, the stock fell nearly 2% to $491.23.

As a division of UnitedHealth Group, Change Healthcare was a key target in this cyber attack. Prior to this cyber attack, the company processed $2 trillion in healthcare claims annually, involving approximately 15 billion transactions. The disclosure of this event may trigger greater political pressure, forcing the company to explain the reasons for the attack and its response measures.

Although the attack was exposed two months ago, the healthcare system is still assessing the impact, with many issues yet to be resolved, including how many people's private data was actually leaked.

UnitedHealth Group stated that assessing the privacy impact may take several months, and there is currently no evidence that doctors' medical records or complete medical histories have been leaked. The company has set up a dedicated website and call center to assist people with credit monitoring.

According to relevant health privacy regulations, companies typically have 60 days to report data breach incidents to the Department of Health and Human Services. Last month, the agency initiated an investigation into this incident. However, according to information on the company's website last week, the HHS office responsible for overseeing data breach reports has not received notifications from UnitedHealth Group, Change Healthcare, or other relevant entities.

In this attack, UnitedHealth Group has paid a ransom, with a company spokesperson stating in an email that this is one of the measures to protect patient data from further leakage. Specific payment details have not been disclosed. This attack is expected to result in a revenue reduction of up to $1.6 billion for the company this year, although this is mainly a one-time cost and is not included in adjusted performance.

It was reported that hackers used compromised credentials without multi-factor authentication to infiltrate Change Healthcare's systems a week before being discovered. UnitedHealth Group has not commented on this report.

Several weeks after the system gradually returned to normal operation, some doctors and hospitals still face cash flow interruptions. UnitedHealth CEO Andrew Witty is expected to testify before Congress next week regarding this attack.

It is worth mentioning that according to reports last month, the hacker group involved in this attack received a $22 million bitcoin payment on March 1. UnitedHealth has not commented on whether a ransom was paid.

This data breach may damage the company's reputation, reduce customer trust, and lead to potential legal actions and hefty fines. With the financial losses and legal liabilities the company may face, investors and shareholders may see their investment value affected, especially if the stock price is negatively impacted. In the long run, this could affect the company's financial position and market standing