In February, hackers breached part of Change Healthcare’s IT network, prompting the company to disconnect affected systems and causing widespread fallout in the health-care sector. The cyberthreat actor used compromised credentials to infiltrate the system and deployed ransomware that encrypted the network.
UnitedHealth has now confirmed paying a $22 million ransom to hackers who breached Change Healthcare’s IT network. This payment was made in bitcoin, marking the first time the company publicly acknowledged the ransom. During testimony before the U.S. Senate Committee on Finance, UnitedHealth disclosed that it had been impacted by a significant number of individuals in America, with files containing protected health information and personally identifiable information being compromised.
Due to the complexity of the data review, it will take months to notify affected individuals. However, UnitedHealth is offering free identity theft protection and credit monitoring for those concerned about their data. The company has also implemented multifactor authentication (MFA) across all external-facing systems to enhance security and prevent future breaches.
