Company Says Change Healthcare Hackers Stole Sensitive Data

UnitedHealth Group Makes Low Key Admission in Online FAQ Marianne Kolbasuk McGee (HealthInfoSec) • April 18, 2024

UnitedHealthGroup said for the first time that hackers behind a February ransomware attack against Change Healthcare breached sensitive health information, an admission that triggers a regulatory countdown clock for public disclosures and individual notification.

See Also: HIPAA-Compliant Email: 5 Steps Healthcare Needs to Take

Buried in a frequently asked questions portion of its website, UnitedHealth Group in an update posted Monday said a review of data affected by the Feb. 21 attack is underway by a "leading" forensics expert.

"At this time, we know that the data had some quantity of personal health information and personally identifiable information," the company said. "We are working to determine the quantity of impacted data, and we are fully committed to providing notifications to impacted individuals when determinations are able to be made." Change Healthcare ...