Ashley Capoot reports:
UnitedHealth Group on Monday said it paid ransom to cyberthreat actors to try and protect patient data, following the February cyberattack on its subsidiary Change Healthcare. The company also confirmed that files containing personal information were compromised in the breach.
“This attack was conducted by malicious threat actors, and we continue to work with the law enforcement and multiple leading cyber security firms during our investigation,” UnitedHealth told CNBC in a statement. “A ransom was paid as part of the company’s commitment to do all it could to protect patient data from disclosure.”
The company did not specify the ransom payment amount.
Read more at CNBC.
Update 1: UnitedHealth Group’s statement seems inaccurate in part where it says:
The company, along with leading external industry experts, continues to monitor the internet and dark web to determine if data has been published. There were 22 screenshots, allegedly from exfiltrated files, some containing PHI and PII, posted for about a week on the dark web by a malicious threat actor. No further publication of PHI or PII has occurred at this time.
But other data had been leaked on two onion urls. DataBreaches captured copies of those pages.
And in his own reporting, Zack Whittaker of TechCrunch adds some detail about the original attack:
The Wall Street Journal reported Monday that the criminal hacking affiliate of ALPHV broke into Change Healthcare’s network using stolen credentials for a system that allows remote access to its network. The hackers were in Change Healthcare’s network for more than a week before deploying ransomware, allowing the hackers to steal significant amounts of data from the company’s systems.