Skip to main content

Already a subscriber? Make sure to log into your account before viewing this content. You can access your account by hitting the “login” button on the top right corner. Still unable to see the content after signing in? Make sure your card on file is up-to-date.

Company executives from Change Healthcare and its parent company, UnitedHealth Group (UHG), have confirmed they paid a ransom after a significant cyberattack in February. 

Following the breach, UHG provided an update, noting the discovery of files containing protected health information (PHI) or personally identifiable information (PII). “Based on initial targeted data sampling to date, the company has found files…which could cover a substantial proportion of people in America,” UHG stated. Despite the extensive data involved, the company confirmed that there was no evidence of stolen detailed medical records like doctors’ charts or complete medical histories. A spokeswoman also confirmed that a “ransom was paid as part of the company’s commitment to do all it could to protect patient data from disclosure.”

240228 Unitedhealth Mb 1439 12b3e5

Following the payment, UHG has taken protective measures to prevent this from happening again. The company says it will also take seven months to fully identify and notify all impacted customers. To support those potentially affected, UHG has launched a dedicated website, call centers, and is offering free identity theft protection for two years. 

According to the company, they became aware of the breach after 22 screenshots showing compromised files were found on the dark web. 

UHG’s CEO, Andrew Witty, said, “We know this attack has caused concern and been disruptive for consumers and providers, and we are committed to doing everything possible to help and provide support to anyone who may need it.” 


Keep up to date with our latest videos, news and content