Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

UnitedHealth says wide swath of patient files may have been taken in Change cyberattack

UnitedHealth says files with personal information that could cover a “substantial portion of people in America” may have been taken in the cyberattack on its Change Healthcare business

Tom Murphy
Tuesday 23 April 2024 16:40 BST
UnitedHealth-Change Cyberattack
UnitedHealth-Change Cyberattack (Copyright 2024 The Associated Press. All rights reserved.)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

UnitedHealth says files with personal information that could cover a “substantial portion of people in America” may have been taken in the cyberattack earlier this year on its Change Healthcare business.

The company said Monday after markets closed that it sees no signs that doctor charts or full medical histories were released after the attack. But it may take several months of analysis before UnitedHealth can identify and notify people who were affected.

UnitedHealth did say that some screen shots containing protected health information or personally identifiable information were posted for about a week online on the dark web, which standard browsers can’t access.

The company is still monitoring the internet and dark web and said there has been no addition file publication. It has started a website to answer questions and a call center.

The company also is offering free credit monitoring and identity theft protection for people affected by the attack.

UnitedHealth said in February that a ransomware group had gained access to some of the systems of its Change Healthcare business, which provides technology used to submit and process insurance claims.

The attack disrupted payment and claims processing around the country, stressing doctor’s offices and health care systems.

Federal civil rights investigators are already looking into whether protected health information was exposed in the attack.

UnitedHealth said Monday that it was still restoring services disrupted by the attack. It has been focused first on restoring those that affect patient access to care or medication.

The company said both pharmacy services and medical claims were back to near normal levels. It said payment process was back to about 86% of pre-attack levels.

UnitedHealth said last week when it reported first-quarter results that the company has provided more than $6 billion in advance funding and interest-free loans to health care providers affected by the attack.

UnitedHealth took an $872 million hit from from the cyberattack in the first quarter, and company officials said that could grow beyond $1.5 billion for the year.

Minnetonka, Minnesota-based UnitedHealth Group Inc. runs one of the nation’s largest health insurers. It also runs one of the nation’s largest pharmacy benefits management businesses, provides care and offers technology services.

Company shares edged up 91 cents to $492.14 in late-morning trading Tuesday while broader indexes also climbed.

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in