Change Healthcare confirms ransomware hackers stole medical records for a ‘substantial proportion’ of Americans


Change Healthcare has confirmed the ransomware attack on its systems in February that caused widespread disruption to the US healthcare system for several weeks, resulting in the theft of medical records that “affected a significant number of people in the US.”

In a statement on Thursday, Change Healthcare said it has begun the process of notifying affected individuals whose information was stolen during the cyberattack.

The health tech giant, owned by American insurance group UnitedHealth Group, processes patient insurance and billing for thousands of hospitals, pharmacies, and medical practices in the US healthcare sector. Thus, the company has access to a vast amount of health information of about one-third of Americans.

The cyberattack caused the company to shut down its systems, resulting in disruptions and delays in service to thousands of healthcare providers that rely on Change, and impacting countless patients who were unable to obtain medications or whose medical care or procedures were delayed.

Change said in its latest statement that it “cannot confirm precisely” what data was stolen about each individual, and that the information could vary from person to person.

The affected information includes personal information, such as names and addresses, dates of birth, phone numbers and email addresses, as well as government identification documents, such as Social Security numbers, driver’s licenses and passport numbers.

Change reported that the data also included medical records and health information, such as diagnoses, medications, test results, drugs, imaging, and care and treatment plans. The hackers stole health insurance information, including plan and policy details, as well as billing, claims, and payment information, which Change said included financial and banking information.

Change said a review of the stolen data is still in the “final stages” to determine what was stolen and identify more affected individuals. The company said some of the stolen information may belong to guarantors who paid healthcare bills for someone else.

The company said affected individuals will begin receiving notification by mail by the end of July.

The ransomware attack on Change Healthcare is one of the largest digital thefts of American medical records ever. While the full impact of this data breach is still unclear, its consequences for millions of Americans, whose private medical information is completely at risk, are perhaps unimaginable.

Change said it had secured a copy of the stolen dataset in March to identify and notify affected individuals, with TechCrunch previously reporting that the dataset was obtained in exchange for a ransom demand.

UnitedHealth confirmed that it paid at least one ransom demand to the cybercriminal group behind the ransomware attack, known as ALPHV, in an effort to prevent publication of the stolen files. Another hacking group called RansomHub claimed that ALPHV ran off with the first ransom amount but left the stolen data with an affiliate of its – originally a contractor – who broke into Change’s systems and deployed the ransomware.

Ransomhub then published several files on its dark web leaks site and threatened to sell the data to the highest bidder if the ransom was not paid.

According to UnitedHealth Chief Executive Officer Andrew Witty, hackers broke into Change Healthcare’s network and used stolen credentials on internal systems that were not protected with multi-factor authentication, a security feature that makes it more difficult for malicious hackers to misuse stolen passwords.

The ransomware attack caused UnitedHealth to lose about $870 million in the first three months of the year, during which the company generated $100 billion in revenue, according to the company’s earnings report. UnitedHealth is expected to report its most recent earnings in mid-July.


Please enter your comment!
Please enter your name here

Share post:




More like this

Tesla makes Musk the highest-paid CEO ever and leaves Fisker in the dust

Welcome to Startups Weekly - Haje's weekly roundup of...

Elden Ring: How to start the Shadows of the Aardtree DLC

The Elden Ring DLC, Shadows of the Aardtree, has...

7 Best Mechanical Keyboards (2024): Tests and Reviews

Your keyboard is The most direct line of communication...