2024-02-22 UNITEDHEALTH GROUP INC Cybersecurity Incident

Page last updated on July 16, 2024

UNITEDHEALTH GROUP INC initially disclosed a cybersecurity incident in an SEC 8-K filing on 2024-02-22 16:08:47 EST.

Incident Details

Material: Unknown
Is Breach: TRUE
Records Compromised: Unknown
Data Types Impacted: No Data Types Tracked (yet)

Compromised Date: 2024-02-12
Detected Date: 2024-02-21
Disclosure Date: 2024-02-22
Contained Date:
Recovered Date:

Attack Goal: Unknown

Costs: $1B - $1.15B

Filings

8-K filed on 2024-02-22

UNITEDHEALTH GROUP INC filed an 8-K at 2024-02-22 16:08:47 EST
Accession Number: 0000731766-24-000045

Item 1.05 Material Cybersecurity Incidents.

On February 21, 2024, UnitedHealth Group (the “Company”) identified a suspected nation-state associated cyber security threat actor had gained access to some of the Change Healthcare information technology systems. Immediately upon detection of this outside threat, the Company proactively isolated the impacted systems from other connecting systems in the interest of protecting our partners and patients, to contain, assess and remediate the incident.

The Company is working diligently to restore those systems and resume normal operations as soon as possible, but cannot estimate the duration or extent of the disruption at this time. The Company has retained leading security experts, is working with law enforcement and notified customers, clients and certain government agencies. At this time, the Company believes the network interruption is specific to Change Healthcare systems, and all other systems across the Company are operational.

During the disruption, certain networks and transactional services may not be accessible. The Company is providing updates on the incident at https://status.changehealthcare.com/incidents/hqpjz25fn3n7. Please access that site for further information.

As of the date of this report, the Company has not determined the incident is reasonably likely to materially impact the Company’s financial condition or results of operations.


8-K/A filed on 2024-03-08

UNITEDHEALTH GROUP INC filed a 8-K/A at 2024-03-08 17:13:56 EST
Accession Number: 0000731766-24-000085

Explanatory Note.

This Amendment No. 1 (the “Amendment”) amends the Current Report on Form 8-K filed by UnitedHealth Group Incorporated (the “Company”) with the Securities and Exchange Commission on February 22, 2024 (the “Original Report”).

Item 1.05 Material Cybersecurity Incidents.

As an update to the Original Report, the Company identified that cybercrime threat actors had gained access to certain Change Healthcare information technology systems. Immediately upon detection of this outside threat, the Company isolated the impacted systems from other connected systems in order to protect the Company’s partners and customers. The Company promptly notified customers, law enforcement and government agencies.

The Company is making substantial progress in mitigating the impact to consumers and care providers of the unprecedented cyberattack on the U.S. health system and certain Change Healthcare services. The Company’s focus has been on ensuring patient access to care and medications by addressing challenges to pharmacy, medical claims and payment services targeted by the attack. The Company is working tirelessly to restore affected services and resume normal operations and along with law enforcement is investigating the extent of impacted data. The Company continues to believe the issue is specific to Change Healthcare. All other systems across the Company are operational.

The progress the Company is making, including interim measures and an expected timeline for restoration of key Change Healthcare systems, is described in a press release which the Company issued on March 7, 2024, a copy of which is attached to the Amendment as Exhibit 99.1.

As of the date of this Amendment, the Company has not determined the incident is reasonably likely to materially impact the Company’s financial condition or results of operations.

Exhibit No. 99.1

Press Release dated March 7, 2024



8-K/A filed on 2024-04-24

UNITEDHEALTH GROUP INC filed a 8-K/A at 2024-04-24 16:02:43 EDT
Accession Number: 0000731766-24-000150

Explanatory Note.

This Amendment No. 2 (the “Amendment”) amends the Current Report on Form 8-K filed by UnitedHealth Group Incorporated (the “Company”) with the Securities and Exchange Commission on February 22, 2024 (the “Original Report”), as amended by the Current Report on Form 8-K/A filed on March 8, 2024 (“Amendment No. 1” and together with the Original Report are collectively referred to as the “Filed Reports”). Except as set forth in this Amendment, the information included in the Filed Reports remains unchanged.

Item 1.05 Material Cybersecurity Incidents.

As an update to information concerning the Change Healthcare cyberattack contained in the Filed Reports, the Company issued a press release on April 22, 2024, regarding its ongoing data assessment and support for impacted individuals, support for providers and customers with notifications, and Change Healthcare service restoration progress. A copy of the press release is attached to the Amendment as Exhibit 99.1 and incorporated by reference herein.

Exhibit No. 99.1

Press Release dated April 22, 2024

UnitedHealth Group Updates on Change Healthcare Cyberattack

Provides Update on Ongoing Review of Impacted Patient Data

Offers Support for People Potentially Impacted

Makes Strong Progress in Restoring Change Healthcare Services

(April 22, 2024) - UnitedHealth Group (NYSE: UNH) is announcing support for people who may be concerned about their personal data potentially being impacted based on preliminary findings from the ongoing investigation and review of the data involved in the malicious criminal cyberattack on Change Healthcare. The company is also providing an update on progress in restoring Change Healthcare’s products and services.

Based on initial targeted data sampling to date, the company has found files containing protected health information (PHI) or personally identifiable information (PII), which could cover a substantial proportion of people in America. To date, the company has not seen evidence of exfiltration of materials such as doctors’ charts or full medical histories among the data.

“We know this attack has caused concern and been disruptive for consumers and providers and we are committed to doing everything possible to help and provide support to anyone who may need it,” said Andrew Witty, chief executive officer of UnitedHealth Group.

Data Assessment and Support for Impacted Individuals

Given the ongoing nature and complexity of the data review, it is likely to take several months of continued analysis before enough information will be available to identify and notify impacted customers and individuals. As the company continues to work with leading industry experts to analyze data involved in this cyberattack, it is immediately providing support and robust protections, rather than waiting until the conclusion of the data review.

People can visit a dedicated website at http://changecybersupport.com to get more information and details on these resources. A dedicated call center has been established to offer free credit monitoring and identity theft protections for two years to anyone impacted. The call center will also include trained clinicians to provide support services. Given the ongoing nature and complexity of the data review, the call center will not be able to provide any specifics on individual data impact at this time.

The call center can be reached at 1-866-262-5342 and further details can be found on the website.

The company, along with leading external industry experts, continues to monitor the internet and dark web to determine if data has been published. There were 22 screenshots, allegedly from exfiltrated files, some containing PHI and PII, posted for about a week on the dark web by a malicious threat actor. No further publication of PHI or PII has occurred at this time.

While this comprehensive data analysis is conducted, the company is in communication with law enforcement and regulators and will provide appropriate notifications when the company can confirm the information involved. This is not an official breach notification. The company will reach out to stakeholders when there is sufficient information for notifications and will be transparent with the process.

To help ease reporting obligations on other stakeholders whose data may have been compromised as part of this cyberattack, UnitedHealth Group has offered to make notifications and undertake related administrative requirements on behalf of any provider or customer.

Change Healthcare Service Restoration Change Healthcare has made continued strong progress restoring services impacted by the event. We have prioritized the restoration of services that impact patient access to care or medication.


Analyst Notes

Company Information

NameUNITEDHEALTH GROUP INC
CIK0000731766
SIC DescriptionHospital & Medical Service Plans
TickerUNH - NYSE
Website
CategoryLarge accelerated filer
Fiscal Year EndDecember 30