Start your day with intelligence. Get The OODA Daily Pulse.

UnitedHealth Says Patient Data Exposed in Change Healthcare Cyberattack

UnitedHealth Group, the parent company for Change Healthcare, confirmed that Personally identifiable information (PII) and protected health information (PHI) was stolen in a February ransomware attack. The data breach likely impacts a large proportion of people in the United States, but the investigation into the full impact of the incident continues.

Through initial data sampling, the company found files with PHI and PII, which could cover a large proportion of people in America. Roughly 4Tb of data may have been stolen in the attack that caused major healthcare system outages across the US. In early March, after UnitedHealth paid a $22 million ransom, the BlackCat operators, who were responsible for the attack, pulled an exit scam. Weeks later, the affiliate tried to extort the company again. On Monday, Change Healthcare was delisted from RansomHub’s leak site, which indicates that the company has paid another ransom.

Read More: UnitedHealth Says Patient Data Exposed in Change Healthcare Cyberattack