Investing.com - Financial Markets Worldwide
Get 40% Off
Get 40% Off
🚨 Volatile Markets? Find Hidden Gems for Serious Outperformance
Find Stocks Now

Hackers claim to have UnitedHealth's stolen data - is it a bluff?

Published 04/09/2024, 05:27 PM
Updated 04/09/2024, 09:07 PM
© Reuters. FILE PHOTO: The corporate logo of the UnitedHealth Group appears on the side of one of their office buildings in Santa Ana, California, U.S., April 13, 2020. REUTERS/Mike Blake/File Photo

By Raphael Satter

WASHINGTON (Reuters) - A freshly formed hacking gang claims to have won access to a massive stash of data stolen from UnitedHealth Group (NYSE:UNH), the largest U.S. health insurer, but with little evidence to go on it is not clear whether they are telling the truth.

Hackers walloped UnitedHealth in February, paralyzing billions of dollars worth of health insurance payments across the country. The ransomware gang "Blackcat" initially said on its website that it had stolen 8 terabytes of sensitive records - including medical insurance and health data - only to swiftly delete the statement without explanation.

The new group, "Ransomhub," told Reuters that a disgruntled affiliate of Blackcat gave the data to them after a botched ransomware payment allowed Blackcat's hackers to vanish with $22 million in bitcoin.

Ransomhub refused to provide any backing for their claim or identify the affiliate.

"We will not disclose any information," the hackers said in a chat.

UnitedHealth said it was aware of the claim and was continuing to work with authorities. The FBI did not immediately return a message.

UnitedHealth has stayed mum on whether it paid the cybercriminals, but a hacker forum posting - backed by forensic blockchain evidence - claimed that Blackcat had cheated an affiliated hacker or hacker group out of a $22 million ransom paid by UnitedHealth to help contain the breach.

Blackcat then pulled a disappearing act, falsely claiming to have been nabbed by law enforcement.

Ransomhub told Reuters the Blackcat affiliate has since handed the data to them for resale. It declined to answer further questions, saying the group was busy.

3rd party Ad. Not an offer or recommendation by Investing.com. See disclosure here or remove ads .

With so much intrigue already surrounding the hack, experts urged caution about the claim.

Analyst Brett Callow of cybersecurity company Emsisoft said he suspected Ransomhub's claim was true, but he cautioned that he was making "a very low confidence guess" and that the group could be trying out a scam.

Darren Williams, the chief executive of cybersecurity company BlackFog, said he had seen a couple of gangs recently try to boost their credibility by lying about what they had. He said the latest claim was "highly likely" a bluff.

Latest comments

Install Our App
Risk Disclosure: Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.
© 2007-2024 - Fusion Media Limited. All Rights Reserved.