UnitedHealth Cyberattack Punched a $872 Million Hole In its Finances
The figure was enough to push the insurance giant to a loss in Q1, despite its revenue beating expectations.
Sign up for smart news, insights, and analysis on the biggest financial stories of the day.
The doctor will see you now — unless a hacker gets in the way.
Health insurance giant UnitedHealth Group was hit with a cyberattack in February, and the company finally revealed its full cost as part of its Q1 earnings report on Tuesday: somewhere in the realm of $872 million so far, which could climb to $1.6 billion by the end of the year. The figure was enough to push UnitedHealth to a loss in Q1, despite its revenue beating expectations.
Tall, Dark, and Ransom
The cyberattack hit UnitedHealth’s Change Healthcare division, which provides claims processing and payment systems to healthcare providers. It was a ransomware attack, with a cybercrime group known as both ALPHV and Black Cat claiming responsibility, although this hasn’t been independently verified. Ransomware attacks hold data and software systems hostage, encrypting them so the victim can’t access their systems unless they pay a ransom. Change hasn’t confirmed whether it paid a ransom, though a report from Wired suggested the company paid out $22 million.
If that amount is correct, it’s a drop in the ocean for UnitedHealth, representing about 2.5% of the cost it disclosed on Tuesday. The hack had a devastating effect on doctor’s offices, pharmacies, and hospitals. One doctor told The Wall Street Journal last month that his office was considering taking out a loan to cover payroll.
The hack was undoubtedly one of the biggest cyberattack hits the sector has ever taken, and it’s also part of an alarming trend in targeting healthcare systems:
- According to cybersecurity analysis firm Security Intelligence, healthcare is the biggest target for online criminal groups, and last year the healthcare sector’s data breach costs were the highest of any industry.
- IBM’s Cost of a Data Breach Report in 2023 found that while the overall average data breach clocked in at $4.45 million, the average stood at $10.93 million in healthcare.
Double Punch: The initial ransomware gang who broke into Change Healthcare’s systems aren’t the only cybercriminals UnitedHealth has to worry about. A second ransomware gang, known as RansomHub, appears to have its hands on UnitedHealth’s stolen data — which includes extremely sensitive patient medical records — and is threatening to publish it on Friday, Axios reported. That cybersecurity bill just keeps getting longer and longer…