UnitedHealth Pays $22M Ransom After Major Cyberattack Disrupts Healthcare
May 2, 2024UnitedHealth Group CEO Andrew Witty confirmed a $22 million ransom payment to hackers following a breach of Change Healthcare.
The breach, involving stolen credentials and lack of multifactor authentication, compromised vast amounts of PII and PHI.
Attributed to the BlackCat gang, the cyberattack disrupted pharmacies and caused a system shutdown, impacting healthcare payments.
The incident, marked as the largest in the healthcare sector, has led to subsequent copycat attacks and wider supply chain disruptions.
Many healthcare providers still face delayed payments, with widespread cash flow issues reported by U.S. hospitals.
The Department of Health and Human Services is investigating UnitedHealth's compliance with federal patient data protection laws.
In response to the breach, the US government has offered a $10 million reward for information on the BlackCat gang.
UnitedHealth has initiated a funding assistance program for affected providers and is collaborating on breach assessments and future protections.
Congressional hearings are underway with growing calls for cybersecurity legislation specific to the healthcare industry.
Summary based on 19 sources