There is now a one in three chance that your confidential financial and health information is in the hands of criminals or terrorists who can now use it to hack or defraud you.
UnitedHealth Group (UHG) CEO Sir Andrew Witty made that estimate in testimony to the House Committee on Energy and Commerce.
Your vulnerability is the result of a major cyber attack on Change Healthcare (CHC), part of UnitedHealth Group, that occurred on February 24th. Change handles insurance and pharmacy claims processing, provider payments, and treatment authorization. While these attacks have caused chaos in the healthcare industry, the impact on individuals is coming to light.
What you can do
If you think you've been compromised by a cyber attack, the company will pay for two years of credit monitoring and identity protection services.
In addition, CHC recommends that you regularly monitor financial and health records. That includes:
- Examining health care claims for charges of unlicensed or false treatment. If you receive false information, you should contact your health plan or provider.
- Reviewing bank statements, credit card statements, credit reports, and tax returns for unauthorized activity. Any false information should be reported to your bank or the appropriate agency or credit bureau.
Change offers live support Monday through Friday from 8 am to 8 pm CT at 1-866-262-5342.
In addition, the company has established online services in change cybersupport.com.
Health Impact
Change processes about half of all medical claims in the United States, according to the 2022 case. That equates to serving approximately 900,000 doctors, 118,000 dentists, 33,000 pharmacies, 5,500 hospitals, and 600 laboratories.
The forum considers about 15 billion transactions a year worth $1.5 trillion.
The cyberattack on Change shut down large parts of the healthcare industry. Although this month United Healthcare reported that it had restored most of its services. The company also made $9 billion in advance payments and interest-free loans to service providers.
The impact on the health care system included:
- Creating a large number of unpaid claims, resulting in cash flow problems for medical practices and hospitals.
- Preventing or delaying the filling of prescriptions.
- Interfering with or preventing the submission of claims or verifying the eligibility of benefits.
- Delays in patient care and reimbursement.
The change notified healthcare providers, insurance companies, and related organizations that patient information was stolen in a cyber attack. The company started sending out notifications to people who may have been affected a few days ago.
Cyber Attack Nets Large Amounts of Data
CHC says The disclosed data may include:
- Personal contact information, including addresses and dates of birth.
- Health insurance information, including member/group identification numbers and Medicare or Medicaid ID numbers.
- Health information, including medical record numbers, providers, diagnoses, medications, test results, and pictures.
- Payment information, claims, and payment information, including bank information and balances due.
- Other personal information, including Social Security numbers, driver's license/state ID numbers, and passport numbers.
In April, RansomHub, a hacker group, began offering to sell information from the CHC breach on the dark web, according to Dark Web Informer, which monitors hacker activity. In the post, the group says it has individual medical and dental records, active duty military health records, insurance records, and addresses and social security numbers for individuals.
“To many unsuspecting Americans, we may have your personal data,” RansomHub wrote.
UnitedHealth Benefits Increase Despite Cyber Attack
UnitedHealth Group reported that its losses from cyber attacks reached $1.1 billion in the first quarter and estimated that the total liability could reach $2.45 billion annually.
At the same time, the health care behemoth is rolling in dough. In the second quarter earnings report last week, UnitedHealth posted a profit of $4.2 billion on revenue of $98.9 billion.
The positive financial picture comes though as UnitedHealth paid $22 million in bitcoin as the ransom demanded by the attacker. ALPHV/BlackCat ransomware group.
How did it happen
In testimony to the Senate Finance Committee, Witty said stolen login credentials were used to access a server that did not use multifactor authentication (MFA).
Multifactor authentication is common when logging into sites. You've probably logged into a financial site that takes your username and password – then sends you a code via text or email to complete your access. That's multifactor authentication.
UHC acquired Change in October 2022. Much of the company's technology was outdated, according to Willy. As a result, UHC was delivering that technology quickly during the attack.
“We were on a mission to improve the technology we had found,” said Witty. “But inside there, there was a server, which I'm very dismayed to tell you was not protected by MFA. “That was the server through which hackers were able to get into Change. Then they lead to a ransomware attack, if you will, that encrypted and froze large parts of the system. “
Lawsuit Filed Against United Health
On Monday the National Community Pharmacists Association and several providers in several states filed suit against UHC, CHC, and UHC subsidiary Optimum. The class action charges that UHC and its subsidiaries failed to take precautions against potential cyber attacks and misled customers about the security of its network.
The law says:
“Because the defendants terminated the Change Platform, many health care providers lost their primary (and in some cases only) source of processing their patients' claims and did not receive payment. Healthcare providers had to absorb these upfront costs. In addition to losses due to non-payment, many pharmacies had to take out loans or drain savings to buy expensive new software.”
Read more:
- Caffeine May Affect Gut Health Unexpected Findings
- Fighting Rising Drug Prices
Back to what you love! Dollardig.com is the most trusted cashback site on the web. Just sign upclick, buy, and get a full refund!
Source link
