Hackers acquired health and personal information about a potentially "substantial proportion" of consumers during the massive Change Healthcare cyberattack, parent company UnitedHealth Group said on Monday.

Hackers usually seek sensitive data such as patient records, medical histories or treatment plans for use in further criminal acts or ransom demands in such breaches. UnitedHealth acknowledged for the first time that it paid ransom in attempt to stop the disclosure of stolen data.

"A ransom was paid as part of the company's commitment to do all it could to protect patient data from disclosure," CEO Andrew Witty told CNBC. "This attack was conducted by malicious threat actors, and we continue to work with the law enforcement and multiple leading cybersecurity firms during our investigation."

Complete your profile to continue reading and get FREE access to BenefitsPRO, part of your ALM digital membership.

Your access to unlimited BenefitsPRO content isn’t changing.
Once you are an ALM digital member, you’ll receive:

  • Breaking benefits news and analysis, on-site and via our newsletters and custom alerts
  • Educational webcasts, white papers, and ebooks from industry thought leaders
  • Critical converage of the property casualty insurance and financial advisory markets on our other ALM sites, PropertyCasualty360 and ThinkAdvisor
NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.