Hackers disclose personal information stolen in Change Healthcare cyberattack

The Change Healthcare cyberattack likely involved personal information of a “substantial proportion of people in America,” according to new information released by UnitedHealth Group. But the company said they haven’t seen evidence of doctors’ charts or full medical histories among the data that was affected.

Change Healthcare, a UnitedHealth company that provides claims processing, is still dealing with the effects of a ransomware attack on its systems. Change was hacked on Feb. 21, 2024, which created huge disruption to pharmacy and medical claims services, including electronic prescribing, claim submission and payment transmission.

“We know this attack has caused concern and been disruptive for consumers and providers and we are committed to doing everything possible to help and provide support to anyone who may need it,” Andrew Witty, chief executive officer of UnitedHealth Group, said in this statement.

So far, UnitedHealth has found 22 screenshots, allegedly taken from Change Healthcare files, that were posted for about a week on the dark web, the company said in the statement. Some of these photos contained personal health information. UnitedHealth said they are communicating with law enforcement and regulators and will reach out those who have been impacted by the breach.

Additionally, the company said it’s making progress in restoring services. Pharmacy services are now back to near-normal levels, with 99% of pre-incident pharmacies able to process claims. Medical claims are at near-normal levels. Payment processing has about 86% functionality.

But UnitedHealth indicated that it will likely take several more months of analysis to determine the extent of the impact of the breach. In the meantime, the company has set up a website (http://changecybersupport.com/) and call center (1-866-262-5342) for patients to provide free credit monitoring and identity theft protections for two years to anyone impacted.

UnitedHealth said in a Securities and Exchange Commission filing that on Feb. 21, 2024, that it had identified that a “nation-state associated cyber security threat actor” had gained access to Change Health’s information systems. The next week, UnitedHealth confirmed that a group representing itself as ALPHV/Blackcat had launched the cyberattack. The federal Cybersecurity & Infrastructure Security Agency (CISA) issued an updated warning about ALPHV/Blackcat on Feb. 27, 2024.

Change Healthcare said in an update that it been begun processing medical claims again at the end of March 2023. United Healthcare was also providing financial support to providers who were impacted when the system shut down. The insurer said on April 16, that it had advanced more than $6 billion to providers while they worked to get claims processing and payment systems fully operational.

In its first quarter results for 2024, UnitedHealth Group said the cyberattack contributed to a net loss for the quarter. The company earnings reflect a $870 million impact for the cyber attack, or $0.74 per share. Of the $870 million, about $595 million were direct costs including the clearinghouse platform restoration and other response efforts, such as medical expenses directly relating to the temporary suspension of some care management activities. The company estimates full year 2024 impacts will be $1 billion to $1.15 billion, or $1.15 to $1.35 per share.

About “Change Healthcare ... this was an unprecedented attack by a malicious actor on the U.S. health system. We promptly disconnected the affected services and turned our focus to two main areas: restoration and support,” Witty said in prepared remarks about first quarter earnings. “Fortunately, we were able to bring to bear the substantial resources of UnitedHealth Group to drive the recovery and begin to mitigate the impact.”

The company’s earnings were also impacted by the sale of its Brazil operations. UnitedHealth recorded an approximately $7 billion charge in the quarter mostly because of the cumulative impact of foreign currency translation losses. Adjusted earnings from operations of $8.5 billion include the Change Healthcare business disruption impacts and exclude the cyberattack direct response costs.

Revenue at the company increased almost $8 billion in the first quarter of 2024 compared with the first quarter of 2023. Optum Health and Optum Rx contributed to growth in the first quarter.

Optum Rx revenue increased 12% in the first quarter. Company officials said this was due to growth in serving new customers, expanded relationships with existing clients and continued advancement in the comprehensive scope of pharmacy services offered.