The incident involving the cybercriminals based in Russia who targeted a company owned by UnitedHealth Group in February did not end without a payoff.
A spokesperson from UnitedHealth Group confirmed with CBS News that "A ransom was paid as part of the company's commitment to do all it could to protect patient data from disclosure."
The exact amount paid by the health giant after the cyberattack, which led to the shutdown of operations at hospitals and pharmacies for over a week, was not disclosed by the spokesperson. However, various media outlets have indicated that UnitedHealth made a payment of $22 million in bitcoin.
"We know this attack has caused concern and disruption for consumers and providers, and we are dedicated to providing assistance and support to anyone in need," stated UnitedHealth CEO Andrew Witty on Monday.
UnitedHealth attributed the breach to a Russian ransomware group known as ALPHV or BlackCat. The group itself took credit for the attack, claiming to have stolen over six terabytes of data, including "sensitive" medical records, from Change Healthcare, a company that handles health insurance claims for individuals who have visited healthcare facilities.
The magnitude of the breach was staggering - Change Healthcare handles a whopping 15 billion transactions annually, as reported by the American Hospital Association. This massive attack not only impacted customers of UnitedHealth but also put patients at risk. The repercussions of the attack have already cost UnitedHealth Group a staggering sum of nearly $900 million.
Ransomware attacks, a method that involves crippling a target's computer systems, have become alarmingly prevalent in the healthcare sector. According to a 2022 study published in JAMA Health Forum, the annual count of ransomware attacks against hospitals and healthcare providers doubled from 2016 to 2021.
