Insurance company UnitedHealth Group is confirming a ransomware attack earlier this year affected the private data of over 100 million people. The number was published in the US Department of Health and Human Services Office of Civil Rights (OCR) Breach Report on Thursday, making it the largest healthcare data breach on the list.
Technology
- Home
- Technology
- News
UnitedHealth data breach leaked info on over 100 million people
UnitedHealth’s Change Healthcare told the US Health Department it has sent over 100 million notices to people regarding the February ransomware breach.
Published 5 ماہ قبل on اکتوبر 27 2024، 10:00 صبح
By Web Desk
Hacker group Blackcat, also known as ALPHV, claimed responsibility for the February attack on Change Healthcare that caused widespread disruptions for healthcare providers processing bills, claims, payroll, and prescriptions for weeks.
According to the HHS FAQs page, Change Healthcare told OCR on October 22nd that it’s sent people about 100 million individual notices regarding this breach.
Stolen information may include:
Health insurance information (such as primary, secondary or other health plans/policies, insurance companies, member/group ID numbers, and Medicaid-Medicare-government payor ID numbers);Health information (such as medical record numbers, providers, diagnoses, medicines, test results, images, care and treatment);Billing, claims and payment information (such as claim numbers, account numbers, billing codes, payment cards, financial and banking information, payments made, and balance due); and/orOther personal information such as Social Security numbers, driver’s licenses or state ID numbers, or passport numbers.
As reported by Bleeping Computer, UnitedHealth CEO Andrew Witty’s written testimony (PDF) to a House committee said the threat actors got in by using stolen credentials for a Citrix remote access service that lacked multifactor authentication.
On February 12, criminals used compromised credentials to remotely access a Change Healthcare Citrix portal, an application used to enable remote access to desktops. The portal did not have multi-factor authentication. Once the threat actor gained access, they moved laterally within the systems in more sophisticated ways and exfiltrated data. Ransomware was deployed nine days later.
UnitedHealth paid the group a $22 million ransom. However, another operation threatened to continue leaking the data and may have secured a second ransom payment.
Nazia Hassan: Celebrating legacy of a pop icon on her 60th birthday
- 8 گھنٹے قبل
PM Shehbaz announces Rs7.41 per unit electricity price cut
- 11 گھنٹے قبل
Trump’s tariffs stoke global trade war as China, EU hit back
- 9 گھنٹے قبل
18-year-old dies from Congo virus in Quetta
- 8 گھنٹے قبل
Gold prices hit new peak at Rs325,500 per tola
- 7 گھنٹے قبل
3-year-old dies after falling into open manhole in Karachi
- 12 گھنٹے قبل
Met Office forecasts Karachi's temperature rising up to 40°C this week
- 8 گھنٹے قبل
PSX hits record high following announcement of electricity tariff cuts
- 7 گھنٹے قبل
Indian actress Shalini Pandey reveals dark side of film industry
- 12 گھنٹے قبل
Mohsin Naqvi appointed president of Asian Cricket Council: Sources
- 8 گھنٹے قبل
Former Pakistan test cricketer Farooq Hamid passes away
- 10 گھنٹے قبل
Hollywood star Jean-Claude Van Damme accused of having sex with five women: report
- 10 گھنٹے قبل
You May Like
Trending
