In Hack Update, UnitedHealth Reveals Ransom Was Paid

UPDATE Apr 24, 2024 3:03 PM CDT

Hackers stole health and personal data from what could amount to a "substantial proportion" of Americans, UnitedHealth said in a Monday update on the February cyberattack on its Change Healthcare subsidiary. UnitedHealth also confirmed that it paid a ransom "as part of the company's commitment to do all it could to protect patient data from disclosure." No specifics on what was paid were given, reports Quartz. Whether you are an impacted American won't be known for some time, though: "It is likely to take several months of continued analysis before enough information will be available to identify and notify impacted customers and individuals," UnitedHealth noted.

Mar 4, 2024 11:00 AM CST

Across the US, health care providers are contending with a payment issue wrought by a ransomware strike that went down last month. The Washington Post reports that, for more than a week, those providers, including hospitals and pharmacies, have had trouble processing insurance claims and filling prescriptions due to the attack on Change Healthcare, a subsidiary of UnitedHealth. The Post notes that the outage has left the drug market "in disarray," with some patients made to choose between paying steeper out-of-pocket costs (sometimes to the tune of thousands of dollars) or not getting their meds at all. In some cases, pharmacists have been trying to estimate drug co-pay costs under insurance, hoping that when the system is back up all will be settled.

• What happened: The hackers reportedly broke into the Change Health system, which sends Rx claims from pharmacies to firms that determine what insurance coverage patients are eligible for, on Feb. 21. They swiped patient data, then encrypted that info, demanding that the company pay them big bucks to get it back. Change Health subsequently shut down its system. An online tracker cited by TechCrunch noted on Saturday that they were still experiencing issues.
• Who's responsible: Sources tell Reuters that a group called ALPHV, or Blackcat, was behind the hack. Blackcat has since claimed responsibility to DataBreaches.net.
• Reaction: "We are 100% down when it comes to billing right now," the legal director of a lab in Kalamazoo, Michigan, that does drug testing for doctors' offices, tells Reuters. Meanwhile, a Maryland patient who says she hopefully has enough diabetes meds to tide her over until the issue is resolved tells the Post her usual $25 co-pay would be $250 during the outage, noting: "Not everyone has an extra $250 they weren't expecting to spend."
• From UnitedHealth: In its latest update, posted Friday, the company said it had a "high level of confidence" that its own services hadn't been affected. As for Change Health, its parent company says it's working with law enforcement and other third parties to "to restore the impacted environment and continue to be proactive and aggressive with all our systems."

(More ransomware stories.)