IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.
Cybersecurity

UnitedHealth Begins Informing Patients on Recent Breach

The Minnesota-based group has begun sending letters to patients whose information may have been accessed during a large cyber attack in February. The attack may have impacted data from as many as 1 in 3 Americans.

August 14, 2024 • 
Christopher Snowbeck, Star Tribune
A monument sign outside UnitedHealth Group headquarters bears its name.
UnitedHealth Group headquarters in Minnetonka, Minnesota. (Minneapolis Star Tribune/TNS)
Minneapolis Star Tribune/TNS
(TNS) — UnitedHealth Group has started sending letters to patients, saying information ranging from their health conditions to Social Security numbers may have been accessed during a huge cyber attack earlier this year.

One Minnesota patient shared with the Star Tribune a copy of a notice from the company dated Aug. 5. Minnetonka-based UnitedHealth Group says it also sent letters in late July.

The company has not said exactly how many letters are being sent, although Chief Executive Andrew Witty told congressional committees in May that data from one out of three Americans could have been involved in the hack.

“We are sorry to tell you about a privacy event,” says the letter from Change Healthcare, the subsidiary that suffered the cyber attack. “We work with many doctors, health insurance plans, and other health companies to help provide health services or benefits. This event may have involved your data.”

UnitedHealth Group says it has repaired and restored systems at Change Healthcare while improving security.

The cyber attack, which occurred in February, was hugely disruptive to the nation’s health care system because UnitedHealth Group had to shut down a widely used clearinghouse for processing claims in order to contain the threat. Health care providers, in turn, struggled for weeks and in some cases months to submit claims for reimbursement.

“Notice of Data Breach” documents being received by patients say the information that might have been seen and taken includes name, address, date of birth, phone number and email.

Hackers might also have accessed one or more items from several categories, the notice says, including health insurance data, health data, billing/claims data and other personal data, such as Social Security numbers.

“The data that may have been seen and taken was not the same for everyone,” the notice states. “Some of this data may be about the person who paid the bill for health care services.”

The breach occurred because a cyber criminal accessed the company’s computer system without permission, according to the letter.

UnitedHealth Group is offering free credit monitoring and identity theft protection for two years. The letter says people with questions and concerns can phone the company at 866-262-5342.

©2024 StarTribune, Distributed by Tribune Content Agency, LLC.

Tags:

PrivacyHealth and Human ServicesCybersecurity
gov-footer-logo-2024.png
gt-footer-logo.png
ii-footer-logo.png
nav-footer-logo.png
cdg-footer-logo.png
cde-footer-logo.png
cpsai-footer-logo.png
em-footer-logo.png