UnitedHealth confirms paying hackers to protect sensitive patient data after a major cyberattack.

Continue reading
The UnitedHealth Group suffered a cyberattack, resulting in a ransom payment to protect sensitive data.
This Threatfeed delves into the attack's details, implications, and security measures.
In late February, UnitedHealth Group experienced the Optum ransomware attack, causing a disruption in critical services, including payment processing and prescription writing.
The attack led to $872 million in financial damages.
The BlackCat/ALPHV ransomware gang claimed responsibility for the attack, alleging theft of 6TB of patient data. They demanded a ransom, leading to a payment of $22 million.
However, an affiliate, "Notchy," claimed BlackCat cheated them of the payment.
Following the attack, the U.S. government launched an investigation into potential data theft. RansomHub, an extortion group, increased pressure on UnitedHealth by leaking corporate and patient data stolen during the attack. UnitedHealth confirmed paying a ransom to protect patient data from disclosure.
UnitedHealth acknowledged a data breach, stating that sensitive information, including protected health and personally identifiable information, was compromised. While only a few screenshots have surfaced on the dark web, the full extent of data exfiltration remains under investigation.
UnitedHealth is taking steps to mitigate the impact, offering two years of free credit monitoring and identity theft protection services. Despite the breach, 99% of services are operational, with medical claims flowing at near-normal levels.

A single ClickFix infrastructure is pushing StealC, Amatera, Remus, NetSupport, CastleLoader and a new loader called ResiLoader through fake Google/Cloudflare checks.