UnitedHealth data leak might affect ‘substantial’ swath of U.S.
Delta Air Lines employs close to 1,000 people in South Florida and was Miami International Airport’s second-busiest airline last year.
UnitedHealth Group Inc. found files containing private information on a vast number of Americans whose data might have been compromised in a February cyberattack that upended the U.S. health system.
A sample of the breached files found they contain personal information , including health data, that “could cover a substantial proportion of people in America,” according to a statement on the company’s website Monday.
The disclosure suggests the attack could be one of the largest healthcare-data breaches on record.
Among the many unanswered questions is how many people’s data might have been exposed.
Tallying the privacy impacts might take months, UnitedHealth said.
The company has not yet found evidence that doctors’ charts or full medical histories were exposed. It set up a website and call center to assist people with credit monitoring.
Earlier Monday, the company said it paid a ransom in the attack “as part of the company’s commitment to do all it could to protect patient data from disclosure,” a company spokesperson said in an email. UnitedHealth declined to provide more details.
UnitedHealth said last week that the attack could reduce its earnings by as much as $1.6 billion this year, though most of that is one-time costs excluded from adjusted results.
The hackers gained access through compromised credentials that didn’t have multi-factor authentication checks, the Wall Street Journal reported Monday, citing a person familiar with the investigation.
Wired reported last month that a hacking group involved in the attack got a $22 million bitcoin payment on March 1. UnitedHealth previously declined to comment on the ransom payment.