A huge data breach at one of the country’s leading health insurance providers could mean that your personal information has been compromised. Let’s take a look and see what your options are.
Data Breach Bombshell
On Monday, UnitedHealth Group announced that hackers had managed to invade their systems in February and stole protected health information (PHI) and personally identifiable information (PII) from “a substantial proportion of people in America.”
Missing Pieces
This is a massive cybersecurity breach. However, the company clarified that they hadn’t seen any evidence of doctors’ charts or complete medical histories in the data.
2015’s Massive Breach
The country’s largest healthcare data breach happened in February 2015 and affected almost 80 million people. Experts are warning that this latest leakage could be the largest on record, involving even more people.
“A Substantial Proportion” of Americans Affected
At the time of the February data breach, Rick Pollack, CEO and President of the American Hospital Association, said, “The Change Healthcare cyberattack is the most significant and consequential incident of its kind against the U.S. healthcare system in history.”
Federal Mandates
Federal regulations require UnitedHealth Group to release an official breach notification, which will be sent to every customer. However, Monday’s announcement was not an official notification, as the company is waiting to gather enough information about the attack.
Months-Long Wait for Full Data Report
According to UnitedHealth, a full report on the leaked data will take months to complete.
Details of UnitedHealth’s Security Breach
It all began when UnitedHealth suffered a ransomware cyberattack on their Change Healthcare system back in February.
A Hostage Situation
In a ransomware attack, a hacker basically holds a computer system hostage – typically requiring a ransom to be paid or else private data will be leaked.
System Paralysis
This hack crippled the company’s pharmacy and medical claims services, which made it a challenge for providers to process insurance claims and handle billings.
Claims and Billings Crisis
Change Healthcare processes 15 billion transactions a year, so the fallout from being unable to access the system was immediate and extensive.
Impact Beyond UnitedHealth Insured
Even patients who don’t have insurance through UnitedHealth may have been affected, as hospitals and doctors struggled with cash-flow issues brought on by the downed systems – some of which are still down today.
Prescription Chaos and Administrative Mayhem
Patients struggled to fill prescriptions, and administrative hell began for hospitals and clinics, which couldn’t file claims or payments from insurers.
Weeks Before Detection
According to the Wall Street Journal, hackers had breached the system over a week before they were detected. They managed to sneak in using stolen credentials for a system that lets users log in remotely.
Ransom Payment
In a bid to regain access to Change Healthcare, UnitedHealth paid the hackers ransom of around $18 million “as part of the company’s commitment to do all it could to protect patient data from disclosure.”
Dark Web Exposé
While UnitedHealth Group managed to regain control of Change Healthcare, screenshots of people’s data began cropping up on the dark web.
Data Leaks and Screenshots
“There were 22 screenshots, allegedly from exfiltrated files, some containing PHI and PII, posted for about a week on the dark web by a malicious threat actor. No further publication of PHI or PII has occurred at this time,” UnitedHealth Group wrote in a news statement.
Scale of Theft
According to reports, the group behind the hack claimed they had stolen 8 terabytes of sensitive data from Change Healthcare. According to the group, this included information on active military personnel, as well as other patient’s medical records, payment information, social security numbers, and more.
CEO’s Pledge Amid Data Fears
In a statement, CEO of UnitedHealth Group Andrew Witty said, “We know this attack has caused concern and been disruptive for consumers and providers, and we are committed to doing everything possible to help and provide support to anyone who may need it.”
Vigilance on the Internet’s Dark Corners
UnitedHealth is currently monitoring the internet and dark web “to determine if data has been published.”
Financial Toll of Cyberattack
The hack is estimated to have cost UnitedHealth between $1.3 billion and $1.6 billion this year alone.
What Can You Do?
So, what exactly are your options if you’re worried about your data?
Resources for Affected Individuals
Well, UnitedHealth is offering free credit monitoring and identity theft protection for anyone worried, which will last for two years. They’ve launched a dedicated website with information on how to sign up and other resources, and they’ve also created a dedicated call center for any inquiries.
Limited Details from Ongoing Data Review
The call center comes with a condition, however, that “Given the ongoing nature and complexity of the data review, the call center will not be able to provide any specifics on individual data impact at this time.”
UnitedHealth’s Continuing Efforts
This breach at UnitedHealth Group is a big deal, potentially affecting a lot of people across the country. While they’re working on solutions and offering support, the full extent of the damage and who’s affected is still being investigated.
The post – UnitedHealth Breach May Have Exposed Sensitive Medical Details of Millions – first appeared on Career Step Up.
Featured Image Credit: Shutterstock / Rawpixel.com.
The content of this article is for informational purposes only and does not constitute or replace professional financial advice.