DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

United Healthcare, Optum, and Change Healthcare Involved in Northeast Ohio Neighborhood Health Data Breach

Posted on April 29, 2024 by Dissent

Note: Marco A. De Felice (aka @amvinfe) has been doing some great investigative blogging on ransomware groups and incidents. If you’re not checking his  SuspectFile site regularly, you are missing out on some of his exclusive reporting.  

De Felice’s recent coverage of Medusa’s attack on Northeast Ohio Neighborhood Health (NEON) begins:

Another significant data breach looms for United Healthcare (UHC), involving patient documents belonging to its Optum financial assistance program and its subsidiary Change Healthcare.

In recent hours, the ransomware group Medusa has claimed on its website, within Tor networks, the cyberattack on the servers of Northeast Ohio Neighborhood Health (NEON), a company providing healthcare services headquartered in Cleveland, Ohio, and the exfiltration of nearly 51GB of data. Many of these documents refer to PHI and PII of patients associated with health insurance contracts with the United Healthcare Group.

SuspectFile.com has also had the opportunity to review a series of contracts and administrative documents that NEON has entered into with other health insurance companies, providers, organizations providing home care services, childcare agencies, companies developing software for electronic health records, and management systems for the healthcare sector. Among the files exfiltrated by Medusa are financial reports, board reports, and banking documents.

The ransomware cyberattack occurred on April 15th when Medusa gained access to NEON’s computer systems. After exfiltrating 51GB of data from the servers, Medusa proceeded to encrypt the files, and on the blog, the group states the price that NEON will be forced to pay for file deletion, with the ransom amounting to $250,000; the group has set the same price for their sale. NEON has just over 2 days left before their data is sold or made public.

De Felice includes a number of samples of protected health information offered as proof of claims. Read more of his findings and analysis on SuspectFile.

What Next?

Although Medusa threatened to leak or sell all the data on or after April 26, the data have not been leaked as yet and there is no indication that the data have been sold.  De Felice tells DataBreaches that Medusa has told them the data will be leaked on the group’s Telegram channel when it is leaked.

A check of NEON’s website does not find any alert or notification about a breach. Given that some sensitive and protected health information has already been leaked, DataBreaches sent a contact form inquiry to NEON today asking whether they are notifying patients of the attack. No reply has been immediately available. Nor is it known whether the encryption has impacted any of their functions or services.

This post may be updated when more information becomes available, although those interested in this particular incident would do well to check SuspectFile for any updates, as they are likely to update faster than this site can.

Category: Health DataMalwareU.S.

Post navigation

← All London Drugs stores closed across Western Canada due to “operational issue”
Change Healthcare hackers broke in using stolen credentials — and no MFA, says UHG CEO →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • FTC Finalizes Order with GoDaddy over Data Security Failures
  • Hacker steals $223 million in Cetus Protocol cryptocurrency heist
  • Operation ENDGAME strikes again: the ransomware kill chain broken at its source
  • Mysterious Database of 184 Million Records Exposes Vast Array of Login Credentials
  • Mysterious hacking group Careto was run by the Spanish government, sources say
  • 16 Defendants Federally Charged in Connection with DanaBot Malware Scheme That Infected Computers Worldwide
  • Russian national and leader of Qakbot malware conspiracy indicted in long-running global ransomware scheme
  • Texas Doctor Who Falsely Diagnosed Patients as Part of Insurance Fraud Scheme Sentenced to 10 Years’ Imprisonment
  • VanHelsing ransomware builder leaked on hacking forum
  • Hack of Opexus Was at Root of Massive Federal Data Breach

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Meta may continue to train AI with user data, German court says
  • Widow of slain Saudi journalist can’t pursue surveillance claims against Israeli spyware firm
  • Researchers Scrape 2 Billion Discord Messages and Publish Them Online
  • GDPR is cracking: Brussels rewrites its prized privacy law
  • Telegram Gave Authorities Data on More than 20,000 Users
  • Police secretly monitored New Orleans with facial recognition cameras
  • Cocospy stalkerware apps go offline after data breach

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.