Witty also confirmed that a ransom was paid in an attempt to safeguard personal health information, but the hackers engaged in an exit scam in order to extort UnitedHealth Group a second time.
The group behind BlackCat often uses double extortion tactics and sometimes utilizes triple extortion, exposing exfiltrated data and threatening to launch distributed denial-of-service (DDoS) attacks on victims’ infrastructure.
The full extent of the data breach, which compromised both personally identifiable information (PII) and protected health information (PHI), is still being assessed. It’s estimated that a significant portion of the American population may be affected.
UnitedHealth Group Response
Upon discovering the attack, UnitedHealth Group disconnected Change Healthcare’s systems from the internet. It then undertook a comprehensive restoration effort to rebuild the infrastructure from scratch, replacing equipment, rotating credentials, and expanding server capacity.
Despite substantial progress, services to pharmacies and hospitals were severely impacted.