United Healthcare Pays Ransom, and Still Has Problems

PK Tech Blog Image

It’s easy to miss news of the cybersecurity threats and attacks happening almost everywhere. At PK Tech, our goal is to educate and offer proactive steps for cybersecurity safety. It’s important to be aware – without being afraid – of the cybersecurity threats that are real threats to your business. PK Tech aims to be a leading educator and support tool in the world of cybersecurity. 

This month we’re highlighting a cyberattack on healthcare giant UnitedHealth (reference), resulting in UnitedHealth paying a massive ransom payment. The burning question becomes: did paying the ransom make the problem go away? What happened, what was the fallout, and why should you care? We’re covering it all here. Let’s dive in.

What the “Hack” Happened?

If you read nothing else, know this: The Russian cybercriminals that attacked UnitedHealth walked away with full pockets. Yes, you read that right. A large ransom payment was made in dire efforts to protect patient data from disclosure. The group-owned UnitedHealth was forced to shut down operations at hospitals and pharmacies for more than a week after a Russian-based cybercriminal group targeted them. In the best effort to honor the privacy of their patients, sources report they paid $22 billion in the form of Bitcoin to the hacker group.

The Fallout

The attack caused major disruption to the large healthcare group, threatening to expose sensitive patient data from thousands of patients nationwide. The group alleged stealing six terabytes of data, which included sensitive medical records from Change Healthcare, a subgroup of UnitedHealth that processes health insurance claims for patients who visited hospitals, medical centers, or pharmacies. In a commitment to protect their patients, UnitedHealth made the difficult decision to pay up when ransom was demanded in exchange for the release of data.

Lessons Learned #ITCouldHaveBeenWorse

From this attack, we learn of the inherent power and risk of large groups and organizations. Change Healthcare, merely a subgroup of UnitedHealth, processes a staggering 15 billion transactions per year. Many patients were affected by the attack even if they were not direct customers of UnitedHealth because of their affiliation with Change Healthcare. As it stands, with more financial fallout likely to still occur as they recover from damages of lost data, the ransomware attack has already cost UnitedHealth Group almost $900 million. 

The lessons here are twofold: #1–paying the ransom does not solve everything” What does this mean? Paying ransom is not a flat fee situation. Organizations that pay ransom still experience other financial fallout from an attack–paying the demanded ransom does not stop the financial effects.

Lesson #2–if you are a large corporation or group, you are more likely to be a target. Perhaps an obvious statement–the larger the corporation, the larger the financial gain for cybercriminals (in general). Cybercriminals are after money. Large corporations usually have the most money. Unfortunately, it’s often that simple. 

While it’s never ideal to pay a ransom payment, the positive spin on this attack is that patient data was recovered, and a lot more sensitive information could have been lost. UnitedHealth made a decision that protected their patient’s privacy – it could have been much worse for the patients and customers involved.

Ready to chat? PK Tech would love to connect with your business. We provide managed IT services for small to medium-sized businesses in the Greater Phoenix Area. Book a complimentary call with a member of our team here