Healthcare, a UnitedHealth subsidiary, suffered an external cyberattack in February that the companies said was the largest healthcare data incident reported to federal regulators. The breach exposed personal health data for more than 100 million people. This ransomware attack, published by the U.S. Office for Civil Rights on October 22, is emerging as a growing threat to the healthcare sector.
Details of the Cyberattack
The attackers compromised Change Healthcare from February 17 to 20 and installed ransomware associated with the ALPHV/BlackCat group. UnitedHealth Group, which learned of the matter in February, hired Mandiant and other cybersecurity specialists to obtain a copy of the stolen information, filled in with names, dates of birth, addresses, medical histories and, in some instances, social security and identification numbers. Documentation of financial transactions, including billing and claims, were also exposed, but complete medical histories or doctors’ note-taking were not contents of the stolen records. During a hearing by the Senate in May, the United Health Group CEO Andrew Witty disclosed that the company tendered $22 million in Bitcoin to free the data. However, cybersecurity specialists advise against it because it encourages hackers and does not guarantee data recovery.
Patient Consent and Company Measures
This attack has affected millions of patients, with some prescriptions delayed and business interruptions totaling at least $705 million. In the meantime, Change Healthcare has implemented the necessary precautions to assist the affected clients and announced that it will cover credit monitoring for two years, identity theft services, and a counselling hotline. The company also urges those affected to keep checking their bank accounts and insurance statements for any signs of fraud.
New Emerging Threats to Healthcare via Cyber Criminals
One must ensure that the healthcare industry is still on attackers’ radars because of the type of data it processes and the numerous operational disruptions it can cause. In another case early this year, ransomware attacking Ascension Health affected patient care. The U.S. Advanced Research Projects Agency for Health has committed $50 million to improving hospital cybersecurity to address these threats.
This breach shows why healthcare providers need better security protection in their healthcare systems as they advance to become more digital, making patient data a bigger concern for the nation.