Hacker Claims UnitedHealth Paid $22 Million Ransom to Reclaim Data

Penka Hristovska, Senior Editor

UnitedHealth Group paid $22 million to regain access to its data and systems encrypted by the Blackcat ransomware gang, according to a post on a hacker forum.

UnitedHealth refused to answer when asked whether the company paid the ransom and instead said it’s now “focused on the investigation and the recovery.” Blackcat has, similarly, neither confirmed nor denied the claims made in the post.

The post appeared on a forum that is highly popular among cybercriminals. It was discovered by two researchers who reported on it earlier this week.

The forum post from Sunday linked UnitedHealth’s security breach to an associate of the Blackcat group. The post, allegedly from this associate, featured a link that showed a transfer of about 350 bitcoins, now valued at around $23 million because of the rising cryptocurrency value, moving from one digital wallet to another.

The owners of the digital wallets involved are not publicly known. Nevertheless, TRM Labs, a company specializing in blockchain analysis, reported that the wallet receiving the funds is connected to “AlphV,” also known as Blackcat. This connection was made based on observations of the same wallet address being used to collect ransom payments from several other victims of AlphV.

News of the hack first came late last month when UnitedHealth Group’s subsidiary, Change Healthcare, announced it had suffered a cyberattack that hindered its operations. The company, responsible for processing 15 billion health-related transactions annually, serves as a digital intermediary facilitating transactions between healthcare providers like doctors and hospitals, and insurers covering medical expenses and approving services.

The aftermath of the hack has seen disruptions in billing processes and prescription services for doctors, hospitals, and patients alike.

This has prompted US health authorities to call on insurance companies to implement measures to alleviate the digital congestion. HHS said it expected UnitedHealth to do “everything in its power to ensure continuity of operations.”

About the Author
Penka Hristovska
Senior Editor

Penka Hristovska is an editor at SafetyDetectives. She was an editor at several review sites that covered all things technology — including VPNs and password managers — and had previously written on various topics, from online security and gaming to computer hardware. She’s highly interested in the latest developments in the cybersecurity space and enjoys learning about new trends in the tech sector. When she’s not in “research mode,” she’s probably re-watching Lord of The Rings or playing DOTA 2 with her friends.