UnitedHealthcare Patients Exposed in An Unexpected Data Breach
Table of Contents
- By Steven
- Sep 08, 2023
UnitedHealthcare is a large insurance company that serves more than 8 million Americans throughout the United States. The company gathers health, personal, and financial information and utilizes all those different data points to provide reliable insurance services. It's upsetting to learn that UnitedHealthcare was recently attacked and significant data may have been lost.
How Did the Attack Occur?
On December 29, 2022, UnitedHealthcare discovered its broker platform may be exposed in a way that releases customer information and enables users to access parts of the business. On February 3, 2023, the company confirmed it was vulnerable and that an unauthorized user accessed information from its broker and agent portal. The user accessed this tool between December 1, 2022, and January 25, 2023. During that time, a significant amount of customer data could have been stolen.
What Information Was Viewed or Stolen?
According to the experts at UnitedHealthcare, each victim of the breach lost a mixture of data. The data stolen includes any of the following information: Member ID numbers, first and last names, different plan types, and the state and county of residency of the individual. No Social Security numbers or Driver's License numbers should have been available for the hackers to take in the breach. We don't know if any additional information was taken in the breach; this is just what was reported by UnitedHealthcare.
How Did UnitedHealthcare Admit to the Breach?
UnitedHealthcare sent notices to everyone affected by the breach. The insurance company also responded to media requests and explained the situation to outlets that asked about it. We don't believe the company released an official announcement of its own, but the victims of the breach should be aware that their information was involved. If you get a notice from the insurance company, you should start watching for any phishing attacks and be careful about who you provide your information to.
What Will Become of the Stolen Information?
Since no Social Security numbers or Driver's License numbers were taken, identity theft attacks aren't possible currently. No financial details were exposed for any customers in the UnitedHealthcare system either. Enough information was exposed to enable the attacker to launch effective phishing attacks though. That means the user will likely send out fake emails and text messages in an attempt to collect useful information. If an attacker is able to gather useful information from you they could launch an identity theft attack or take over some of your other internet accounts.
What Should Affected Parties Do in the Aftermath of the Breach?
If you receive an email or text you don't trust completely, avoid providing personal or private information. If you receive any password reset requests, never submit a password through email or text, and always verify that you're on the UnitedHealthcare website or whatever site that's requesting the password change before you submit your data. You should manually type in the link destination rather than clicking a link in your email or text message to avoid any tricks and keep your data safe.