UnitedHealth Says Patient Data Exposed in Change Healthcare Cyberattack

UnitedHealth confirms that personal and health information was stolen in a ransomware attack that could cost the company up to $1.6 billion.

Change Healthcare parent company UnitedHealth Group on Monday confirmed that personally identifiable information (PII) and protected health information (PHI) was stolen in a February ransomware attack.

According to the company, the data breach likely impacts “a substantial proportion of people” in the US, but the investigation into the full scope of the incident continues.

“Based on initial targeted data sampling to date, the company has found files containing protected health information (PHI) or personally identifiable information (PII), which could cover a substantial proportion of people in America,” UnitedHealth said in an updated incident notice.

Roughly 4Tb of data might have been stolen during the disruptive attack that caused major healthcare system outages across the US, an Alphv/BlackCat ransomware affiliate allegedly responsible for the intrusion has claimed ...