Love working with ICS? Leave us a review here!
Love working with ICS? Leave us a review here!
Love working with ICS? Leave us a review here!
Love working with ICS? Leave us a review here!

How a Cyberattack Cost UnitedHealth Group $22 Million

Mar 28, 2024

Imagine waking up one morning to discover that cybercriminals were holding a $22 million ransom on your personal information. Sounds like a script from a Hollywood blockbuster, right? Well, this was a bleak reality for Change Healthcare, a subsidiary of UnitedHealth Group, in late February of this year. 

Now, both organizations are being investigated by the Department of Health over concerns of massive amounts of breached patient data. They will also undergo an assessment to determine if the companies’ compliance with health privacy laws is valid.

One class action lawsuit filed in response to the incident points to failed security measures. It claims Change Healthcare failed to provide reasonable security and protect its patients’ confidential PII. According to Gibbs Law Group, which represents the class action lawsuit, it “is one of the most significant data breaches impacting the U.S. healthcare system.”

Per sources on Forbes and Reuters, UnitedHealth Group apparently paid the $22 million ransom in Bitcoin to release all the patient data. A certain conglomerate of hackers dubbed Blackcat is thought to be responsible for carrying out the cyberattack.


Unknown Factors Remain at Play

However, even given the extent of the healthcare data breach, there’s still more to uncover. The exact extent of the cyberattack on Change Healthcare is unknown. How will their patients be affected in the long run? Change Healthcare will likely face continued backlash over this event, from a patient perspective, as well as extended scrutiny by the Department of Health.

In many cases, situations like this arise when healthcare organizations fail to conduct appropriate risk assessments. HIPAA compliance violations are also likely. The repercussions extend far beyond their organization into dozens of interconnected healthcare companies and into the lives of millions of people.


What We Do Know

If this incident has taught healthcare providers anything, it’s that cybersecurity is of the utmost importance. Not even the big dogs are invincible. This event pokes at the vulnerability of America’s healthcare system and reminds us that so much goes on beyond the clinic doors. Is our personally identifiable information ever truly secure? 

While we can’t answer that question, we can offer some solace: cybersecurity is constantly improving. The more these instances occur, the more we uncover, and the more we can tailor our cybersecurity solutions to stay one step ahead of wannabe hackers.

Organizations across all sectors — not just healthcare — should use this as a push to tighten the reigns of their cybersecurity. As our digital world evolves, so must your strategies and security protocols.

ICS works deeply with healthcare providers and large medical organizations across the South. From vulnerability management to EHR support, we are your go-to touchpoint for every aspect of IT

We don’t want you to become another Change Healthcare case. Do your part to keep your patients’ personal information under lock and key through proactive cybersecurity policies, 24/7 monitoring, and expert action.

Learn more about ICS by scheduling a call today to receive a free quote for IT and cybersecurity solutions.

 Even if you’re on the fence about your IT and don’t know where to start, let’s discuss it