UnitedHealth says files with personal information that could cover a “substantial portion of people in America” may have been taken in the cyberattack earlier this year on its Change Healthcare business.
The company said Monday after markets closed that it sees no signs that doctor charts or full medical histories were released after the attack. But it may take several months of analysis before UnitedHealth can identify and notify people who were affected.
UnitedHealth did say that some screen shots containing protected health information or personally identifiable information were posted for about a week online on the dark web, which standard browsers can’t access.
The company is still monitoring the internet and dark web and said there has been no addition file publication. It has started a website to answer questions and a call center.
The company also is offering free credit monitoring and identity theft protection for people affected by the attack.
UnitedHealth said in February that a ransomware group had gained access to some of the systems of its Change Healthcare business, which provides technology used to submit and process insurance claims.
The attack disrupted payment and claims processing around the country, stressing doctor’s offices and health care systems.
Federal civil rights investigators are already looking into whether protected health information was exposed in the attack.
UnitedHealth said Monday that it was still restoring services disrupted by the attack. It has been focused first on restoring those that affect patient access to care or medication.
The company said both pharmacy services and medical claims were back to near normal levels. It said payment process was back to about 86% of pre-attack levels.
UnitedHealth said last week when it reported first-quarter results that the company has provided more than $6 billion in advance funding and interest-free loans to health care providers affected by the attack.
UnitedHealth took an $872 million hit from from the cyberattack in the first quarter, and company officials said that could grow beyond $1.5 billion for the year.
Minnetonka, Minnesota-based UnitedHealth Group Inc. runs one of the nation’s largest health insurers. It also runs one of the nation’s largest pharmacy benefits management businesses, provides care and offers technology services.
Company shares edged up 91 cents to $492.14 in late-morning trading Tuesday while broader indexes also climbed.
