UnitedHealth issues breach notification on Change Healthcare hack

FILE PHOTO: A UnitedHealth Group health insurance card is seen in a wallet in this picture illustration October 14, 2019. REUTERS/Lucy Nicholson/Illustration/File Photo

NEW YORK (Reuters) - UnitedHealth Group issued a public notice about the February ransomware hack on its Change Healthcare unit on Thursday as part of its requirements to notify the estimated one-third of the country whose private data may have been exposed in the attack.

UnitedHealth said it expects to begin mailing letters to potentially affected individuals in late July but that it may not have addresses for all of them. The company said individuals can enroll in free credit monitoring for two years.


Patient information is protected under the Health Insurance Portability and Accountability Act, or HIPAA. HIPAA regulation requires companies to notify patients of data exposures.

Information made vulnerable in the UnitedHealth attack is believed to include health insurance member IDs, patient diagnoses, treatment information and social security numbers, as well as billing codes used by providers.

In a May announcement, the U.S. Department of Health and Human Services said healthcare providers can ask UnitedHealth to notify people impacted by the hack on their behalf. Following the hack, some providers urged HHS to make UnitedHealth solely responsible for issuing breach notifications.


After reviewing 90% of files breached, the insurer said it "found no evidence that materials such as doctors’ charts or full medical histories were exfiltrated from its systems."


Change Healthcare processes about half of all U.S. medical claims.

The Feb. 21 hack on the technology unit of the largest U.S. health insurer was carried out by Russian ransomware gang BlackCat, UnitedHealth CEO Andrew Witty said in May testimony to the Senate Committee on Finance. In exchange for patient data, UnitedHealth paid the group $22 million in Bitcoin, Witty said.

(Reporting by Amina Niasse; Editing by Bill Berkrot)

Follow us on our official WhatsApp channel for breaking news alerts and key updates!


Next In Tech News

Embraer's Eve rolls out flying taxi prototype, cash needs covered until 2027
Business as usual in KLIA2, systems restored following IT outage
AI 'help' for writers takes the novelty out of novels, research shows
Using AI to write your cover letters? Be careful, experts say
Windows has added new lock screen widgets. Here's how to remove them
Review: Switch’s technology smooths out some flaws in ‘Luigi’s Mansion 2 HD’
Microsoft says about 8.5 million of its devices affected by CrowdStrike-related outage
Three 'pro-Russian' hackers arrested in Spain over cyberattacks
Govt agencies unaffected by global IT outage, says Fadillah
MyCert issues phishing and malware warning exploiting CrowdStrike incident

Others Also Read