The devastating ransomware attack on UnitedHealth Group’s (UHG) subsidiary Change Healthcare has impacted nearly a third of the US population, making the attack the largest known US healthcare breach.
UHG finally revealed the true scope of the February ransomware attack, which resulted in months of outages and disruption across the US health sector. The company reported that 100 million individuals were affected.
The number was revealed through the US Department of Health and Human Services website’s data breach portal, which lists “all breaches reported within the last 24 months that are currently under investigation by the Office for Civil Rights.”
No healthcare-related data breach in the US has ever been so widespread. That scale is unsurprising: UHG is likely the largest health sector business ever breached, as Change Healthcare processes about half of all American medical claims, and its network reaches 900,000 physicians, 33,000 pharmacies, 5,500 hospitals, and 600 laboratories.
While the type of affected data varies among the victims, the attackers published a list and a screenshot indicating that they had obtained highly sensitive private healthcare information on tens of millions of people.
Career-ending UHG breach
The healthcare company was attacked early this year, after the systems of UHG's subsidiary Change Healthcare were penetrated by the ALPHV/BlackCat ransomware gang. The attackers claimed to have stolen 6TB of data, and the company shut down its systems in response.
The resulting downtime wreaked havoc across the health sector: pharmacies could not process claims, provider payments were delayed, patients were unable to fill prescriptions, and practitioners were unable to pay their bills.
UHG reportedly paid the attackers a $22 million ransom, a sum so large that it caused a rift among the criminals themselves. BlackCat/ALPHV faked its own takedown and disbanded, keeping the entire payment. Ironically, the affiliate that actually carried out the attack was left unpaid, which became public when the affiliate complained about it on a dark web forum.
According to UHG CEO Andrew Witty, the attackers gained access using stolen credentials for a Change Healthcare Citrix portal that did not have multi-factor authentication enabled. Citrix is widely used remote-access software that exposes internal desktops and applications to users outside the network, which is why a single stolen username and password was enough to get in.
Once inside, the attackers moved laterally from system to system and exfiltrated the highly sensitive data of roughly a third of the US population. They roamed the network for nine days before deploying ransomware and encrypting Change Healthcare's systems, so the intrusion went undetected throughout the period in which the data was being stolen.
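The root cause described above is a remote-access gateway that accepted a password alone. A practical follow-up for defenders is to audit authentication logs for successful gateway logins that never completed a second factor. The block below is an added example written for this article, not code from UHG, Change Healthcare or Citrix: the log format, field names (`user`, `result`, `factors`, `src_ip`) and the sample events are constructed for illustration and do not reflect Citrix's real log schema.

```python
"""Flag successful remote-access logins that completed without a strong second factor.

Added example with a constructed log format; field names and sample events are
assumptions for illustration, not a real Citrix or UHG log schema.
"""
import json
from collections import defaultdict

# Constructed sample events (not real logs). One JSON object per line.
SAMPLE_LOG = """
{"ts": "2024-02-12T03:14:07Z", "user": "jdoe", "src_ip": "203.0.113.5", "result": "success", "factors": ["password"]}
{"ts": "2024-02-12T03:15:22Z", "user": "asmith", "src_ip": "198.51.100.9", "result": "success", "factors": ["password", "otp"]}
{"ts": "2024-02-12T03:16:01Z", "user": "svc_backup", "src_ip": "203.0.113.5", "result": "failure", "factors": ["password"]}
{"ts": "2024-02-12T03:20:45Z", "user": "jdoe", "src_ip": "203.0.113.5", "result": "success", "factors": ["password"]}
"""

# Factors that count as a genuine second factor. "password" alone never qualifies.
STRONG_FACTORS = {"otp", "push", "fido2", "smartcard"}


def parse_events(text):
    """Parse newline-delimited JSON auth events, skipping blank lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if line:
            events.append(json.loads(line))
    return events


def password_only_logins(events):
    """Return successful logins whose factor list contains no strong second factor.

    Failed attempts are ignored: the point is to find sessions that were actually
    granted on a password alone, which is exactly the condition a stolen credential
    needs in order to be sufficient.
    """
    hits = []
    for e in events:
        factors = set(e.get("factors", []))
        if e.get("result") == "success" and not (factors & STRONG_FACTORS):
            hits.append(e)
    return hits


def summarize_by_user(events):
    """Count password-only successful logins per account for triage."""
    counts = defaultdict(int)
    for e in password_only_logins(events):
        counts[e["user"]] += 1
    return dict(counts)


if __name__ == "__main__":
    evts = parse_events(SAMPLE_LOG)
    for hit in password_only_logins(evts):
        print(f"{hit['ts']} {hit['user']} from {hit['src_ip']} logged in with factors={hit['factors']}")
    print("per-user summary:", summarize_by_user(evts))
```

Run against real gateway logs, a non-empty result from `password_only_logins` means the MFA policy is not actually enforced for those accounts, regardless of what the policy document says; the per-user summary is a starting list for forcing enrollment or disabling the account.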