UnitedHealth Group has demonstrated its unwavering commitment to safeguarding patient data by acknowledging that it paid a ransom to the perpetrators of the Change Healthcare breach. This is an extraordinary step. The ruling emphasizes how important it is to protect sensitive data in the face of growing cyberthreats.
In a statement released on Monday, UnitedHealth Group stated, “Under the circumstances, we made the difficult decision to pay the ransom as part of our unwavering dedication to shielding patient data from potential exposure.” The precise amount paid was not disclosed.
The company disclosed that hostile actors had been circulating 22 screenshots on the dark web for about a week, allegedly taken from compromised files that contained identifiable and confidential health information. Nonetheless, UnitedHealth gave stakeholders the reassurance that there hasn’t been any more sharing of Personally Identifiable Information (PII) or Protected Health Information (PHI) as of yet.
Owing to the complex and continuous nature of the data review, UnitedHealth anticipates a number of months of thorough investigation prior to the final identification and notification of impacted patients. The business is dedicated to providing proactive help and strong protections in spite of the drawn-out review procedure, as opposed to waiting until the investigation is over.
Files containing PHI or PII potentially affecting a sizable section of the American population have been discovered through first targeted data sampling. Interestingly, UnitedHealth made it clear that they have not yet found any proof of the exfiltration of documents like medical records or doctor’s charts.
UnitedHealth promises to keep the process transparent by notifying the relevant parties as soon as enough information is verified, while coordinating with law enforcement and regulators. It is noteworthy that the present disclosure does not amount to an official notification of a breach; yet, the company guarantees stakeholders that further notifications will be made as necessary.