The UnitedHealth Group — one of the nation’s largest health care providers — said it is making progress in its recovery from one of the worst cyberattacks on a health care system in United States history, its CEO said earlier this week.
On Feb. 21, UnitedHealth Group announced a hacking group called ALPHV — also known as “BlackCat” — breached its system. Its subsidiary Change Healthcare was hit hardest by the attack.
“Change Healthcare can confirm we experienced a cybersecurity issue perpetrated by a cybercrime threat actor who has represented itself to us as ALPHV/Blackcat,” according to a statement on UnitedHealth Group’s website.
Change Healthcare processes 15 billion health care transactions annually and touches 1 in every 3 patient records, according to a letter sent to the U.S. Department of Health and Human Services from the American Hospital Association. “These transactions include services that directly affect patient care and pharmacy operations, and the attack “imposed significant consequences on hospitals and the communities they serve.”
Pharmacy, medical claims, and payment systems were targeted by the attack.
Change Healthcare will release medical claims software, which will be available to thousands of customers over the next several days. The company restored its electronic payments platform and 99% of its pharmacy network services are back, according to the statement from UnitedHealth Group.
UnitedHealth Group CEO Andrew Witty said in a statement Monday that it is continuing to “make significant progress in restoring the services impacted by this cyberattack.”
“We know this has been an enormous challenge for health care providers and we encourage any in need to contact us,” Witty said.
The company has paid more than $2 billion to assist health-care providers who’s finances have been impacted by the attack, Witty said.
Last week, the Department of Health and Human Services Office of Civil Rights said it is investigating the breach.
“Given the unprecedented magnitude of this cyberattack, and in the best interest of patients and health care providers, OCR is initiating an investigation into this incident,” a letter written by OCR’s Director Melanie Fontes Rainer. “OCR’s investigation of Change Healthcare and UHG will focus on whether a breach of protected health information occurred and Change Healthcare’s and UHG’s compliance with the HIPAA Rules.”
The American Hospital Association called the cyberattack “the most significant and consequential incident of its kind against the U.S. healthcare system in history.” The association said that the attack made it challenging for hospitals to provide patient care, complete prescriptions, submit insurance claims, and receive payment.
Some of BlackCat’s operations were disrupted by the FBI in December of 2023, and was responsible for such hacks as the MGM hack which shut down operations primarily along the Las Vegas strip at MGM properties.
The CEO of UnitedHealth Group, one of the largest healthcare companies in the United States, recently spoke out about the company’s recovery efforts following a major cyberattack that targeted their systems. The attack, which occurred last month, compromised sensitive patient data and disrupted operations across the company’s network.
In a statement released to the press, the CEO assured customers that UnitedHealth Group is taking all necessary steps to address the breach and protect the security of their data. The company has been working closely with cybersecurity experts to investigate the incident and implement measures to prevent future attacks.
The CEO emphasized the importance of transparency and communication during this challenging time, stating that UnitedHealth Group is committed to keeping customers informed about the status of the recovery efforts. The company has set up a dedicated hotline for customers to report any suspicious activity related to the breach and has also provided resources for individuals to protect themselves from potential identity theft.
In addition to addressing the immediate impact of the cyberattack, UnitedHealth Group is also focusing on strengthening their cybersecurity infrastructure to prevent similar incidents in the future. The CEO announced plans to invest in advanced security technologies and training programs for employees to enhance their awareness of cybersecurity best practices.
Despite the challenges posed by the cyberattack, the CEO expressed confidence in UnitedHealth Group’s ability to overcome this setback and continue providing high-quality healthcare services to their customers. The company remains committed to upholding the trust and confidence of their customers and will continue to prioritize cybersecurity as a top priority moving forward.
In conclusion, the CEO of UnitedHealth Group’s response to the recent cyberattack highlights the importance of proactive cybersecurity measures and effective communication in mitigating the impact of such incidents. By taking swift action and investing in robust security measures, UnitedHealth Group is demonstrating their commitment to safeguarding customer data and maintaining the integrity of their operations.
