Hackers acquired health and personal information about a potentially "substantial proportion" of consumers during the massive Change Healthcare cyberattack, parent company UnitedHealth Group said on Monday.

Hackers usually seek sensitive data such as patient records, medical histories or treatment plans for use in further criminal acts or ransom demands in such breaches. UnitedHealth acknowledged for the first time that it paid ransom in attempt to stop the disclosure of stolen data.

"A ransom was paid as part of the company's commitment to do all it could to protect patient data from disclosure," CEO Andrew Witty told CNBC. "This attack was conducted by malicious threat actors, and we continue to work with the law enforcement and multiple leading cybersecurity firms during our investigation."

Complete your profile to continue reading and get FREE access to BenefitsPRO, part of your ALM digital membership.

  • Critical BenefitsPRO information including cutting edge post-reform success strategies, access to educational webcasts and videos, resources from industry leaders, and informative Newsletters.
  • Exclusive discounts on ALM, BenefitsPRO magazine and BenefitsPRO.com events
  • Access to other award-winning ALM websites including ThinkAdvisor.com and Law.com

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.