Wed | Apr 24, 2024 | 1:14 PM PDT

UnitedHealth Group, parent company of Optum and Change Healthcare, has confirmed that it paid the ransom demands of the cybercriminals behind the late February incident that led to widespread service outages in the U.S. healthcare industry. 

In a statement on Monday, UnitedHealth (UHG) said, "A ransom was paid as part of the company's commitment to do all it could to protect patient data from disclosure."

A post on a popular hacker forum claimed that UHG paid $22 million in Bitcoin to the cybercriminals in February.

The attack, attributed to the BlackCat/ALPHV ransomware gang, resulted in a significant outage impacting Change Healthcare payment systems, which play a pivotal role in various critical healthcare services across the United States. These services include payment processing, prescription writing, and insurance claims, all of which are integral to the functioning of healthcare providers and pharmacies nationwide.

The severity of the attack was compounded by the BlackCat gang's claim that it had stolen 6TB of sensitive patient data.

However, the situation took a dramatic turn when BlackCat allegedly engaged in an exit scam shortly after receiving a $22 million ransom payment from UnitedHealth Group. This move left one of the gang's affiliates, known as "Notchy," aggrieved, claiming that they had conducted the attack and were cheated out of the ransom payment.

Following these events, the U.S. government initiated an investigation into the ransomware attack to ascertain whether health data had been compromised. Amidst mounting pressure, the extortion group RansomHub further exacerbated the situation by threatening to leak corporate and patient data stolen during the attack.

In response, UHG conceded to the demands and paid a ransom to prevent the unauthorized disclosure of patient data. The company emphasized its commitment to protecting patient information, stating that the ransom payment was made to mitigate the risk of data being sold or leaked to cybercriminals.

Despite these assurances, concerns persist within the cybersecurity community regarding the efficacy of ransom payments in resolving such incidents. There is a growing consensus among experts that capitulating to ransom demands may embolden cybercriminals and perpetuate a cycle of extortion.

On April 16th, UnitedHealth Group reported an $872 million impact on its 2024 Q1 earnings due to the ransomware incident and subsequent fallout.

Despite that staggering financial cost, the company reported first quarter earnings of $7.9 billion, with quarterly revenues growing almost $8 billion year over year to $99.8 billion.

The incident's impact includes $593 million in direct cyberattack response costs and $279 million from disruptions to business.

"Out of prudence, due to the potential for the cyberattack to affect claims receipt timing, the company reflected an additional $800 million of claims reserves," the company said.
