A cyberattack earlier this year against a UnitedHealth Group subsidiary has proved costly for one of the nation's largest employers.
The health insurance giant on Tuesday noted $872 million in "unfavorable cyberattack effects" while reporting its first quarter operations earnings. Those unfavorable effects refer to the February 21 cyberattack on Change Healthcare, which shut down operations at hospitals and pharmacies for more than a week. The $872 million includes "the Change Healthcare business disruption impacts and exclude the cyberattack direct response costs," which likely excludes any amount UnitedHealth may have paid to hackers as a ransom.
UnitedHealth confirmed soon after the breach that the cybercriminals behind the attack was a Russia-based ransomware gang known as ALPHV or BlackCat. The group itself claimed responsibility for the attack, alleging it stole more than six terabytes of data, including "sensitive" medical records.
UnitedHealth did now reveal how much — if at all — it paid the hackers to have their systems restored. However, multiple media sources at the time, including Wired Magazine, reported that a ransom payment for the amount of $22 million was made to BlackCat in the form of bitcoin.
UnitedHealth declined a request for comment by CBS MoneyWatch on Tuesday.
Havoc on health care companies
Ransomeware attacks, which involve disabling a target's computer systems and cause considerable havoc, are nothing new and have become increasingly more common within the health care system. A study published in JAMA Health Forum in December 2022 found that the annual number of ransomware attacks against hospitals and other providers doubled from 2016 to 2021.
A study published in May 2023 in JAMA Network Open examining the effects of an attack on a health system found that waiting times, median length of stay, and incidents of patients leaving against medical advice all increased. An October 2023 preprint from researchers at the University of Minnesota found a nearly 21% increase in mortality for patients in a ransomware-stricken hospital.
"The remediation process went smoothly and we are on track to fully restore our systems," stated Witty.
Optum Insight's CEO, Roger Connor, reported that approximately 80% of Change Healthcare's pharmacy claims and payment computer systems have been recovered following the cyberattack, as mentioned in the analysts' briefing.
