“On February 21, 2024, UnitedHealth Group (the ‘company’) identified a suspected nation-state associated cyber security threat actor who had gained access to some of the Change Healthcare information technology systems,” UnitedHealth wrote in a Securities and Exchange Commission (SEC) filing.
UnitedHealth also added that the attack was limited to just Change Healthcare’s systems.
At the time of initial reporting, Cyber Daily observed that ALPHV had not yet listed Change Healthcare on its dark web leak site.
However, the threat group has since claimed responsibility for the attack in a statement published on its leak site.
“UnitedHealth has announced that the attack is ‘strictly related’ to Change Healthcare only and it was initially attributed to a nation-state actor. Two lies in one sentence,” the group wrote.
“Only after threatening them to announce it was us, they started telling a different story.
“It is true that the attack is centered at Change Healthcare [production] and corporate networks, but why is the damage extremely high?”
It also said the exfiltrated data includes “millions of” medical records, dental records, payment and claims information, insurance records, over 3,000 source code files for Change Healthcare, and personally identifiable information (PII) of both active military personnel and patients, such as phone numbers, emails, addresses and social security numbers.