The Los Angeles Post
U.S. World Business Lifestyle
Today: April 11, 2025
Today: April 11, 2025

UnitedHealth hackers say they stole 'millions' of records, then delete statement

FILE PHOTO: The corporate logo of the UnitedHealth Group appears on the side of one of their office buildings in Santa Ana, California
April 26, 2024
Raphael Satter - Reuters

By Raphael Satter

WASHINGTON (Reuters) - In a message posted to, and then quickly deleted from their darknet site, the hackers blamed for striking the UnitedHealth Group said on Wednesday they stole millions of sensitive records, including medical insurance and health data, from the company.

In its claim of responsibility, the group known as "Blackcat" or "ALPHV" posted a statement to its site saying it had stolen 8 terabytes of data from UnitedHealth, according to screenshots of the posting shared online by cybersecurity researchers.

UnitedHealth, whose Change Healthcare unit was at the center of the breach, said it was aware of the statement and was "looking into it."

Blackcat said it stole data from partners including Medicare, the U.S. military medical health agency Tricare, CVS Health and other companies.

The claim was swiftly removed without explanation. Reuters attempts to reach the hackers have been so far unsuccessful and the news agency had no immediate way to verify the claims, which weren't backed up with any data or screenshots.

The Centers for Medicare and Medicaid Services did not immediately return a message seeking comment. Tricare, which has said all of its military pharmacies were impacted by the hack, also did not immediately return a message seeking comment.

In a statement, CVS said it was aware of the hackers' statement but that, "at this time, Change Healthcare has not confirmed whether any CVS Health member or patient information that it holds, including CVS Caremark information, was impacted by this incident."

Brett Callow, a threat analyst with cybersecurity firm Emsisoft, said there could be several reasons why the hackers would make an inflamatory statement and then delete it.

One possibility was that the hackers had entered ransom negotiations with UnitedHealth, or that the talks had entered a new phase. It was also possible the hackers were trying to gin up attention in a bid to force the healthcare company to come to the negotiating table. Or maybe the hackers just thought the better of it and "decided they didn't want so much attention at this particular point in time."

Blackcat has a history of disruptive hacks, including attacks on MGM Resorts International and Caesars Entertainment that snarled operations at hotels and casinos last year.

(Reporting by Raphael Satter; editing by Chris Sanders and David Gregorio)

Related Articles

Trump abruptly fires the 4-star general who headed the National Security Agency Hackers strike Australia's largest pension funds in coordinated attacks Online feed of event with Fed's Cook hit with porn, Nazi images Pentagon watchdog to review Hegsethโ€™s use of Signal app to convey plans for Houthi strike
Share This

Popular

Business|Economy|Environment|Political|US

Could Trump's tariffs slow emissions? Sure, experts say, but at great cost overall

Could Trump's tariffs slow emissions? Sure, experts say, but at great cost overall
Business|Economy|Political|Technology|World

Kevin O'Leary says US has to train China 'like a puppy'

Kevin O'Leary says US has to train China 'like a puppy'
Business|Political|US

Trump reaches deals with 5 law firms, allowing them to avoid prospect of punishing executive orders

Trump reaches deals with 5 law firms, allowing them to avoid prospect of punishing executive orders
Business|Economy|Finance|Political|Stock Markets|US|World

The Latest: Global tariff battle escalates as China retaliates with 125% tariffs on US goods

The Latest: Global tariff battle escalates as China retaliates with 125% tariffs on US goods

Technology

Business|Europe|Science|Technology

Irish regulator investigates X over use of EU personal data to train Grok AI

Irish regulator investigates X over use of EU personal data to train Grok AI
Health|Science|Technology

Transplanted pig kidney removed after functioning in living patient for more than four months

Transplanted pig kidney removed after functioning in living patient for more than four months
Business|Technology|Travel|US

A helicopter crash left a Siemens executive, his family and their pilot dead. Hereโ€™s what we know

A helicopter crash left a Siemens executive, his family and their pilot dead. Hereโ€™s what we know
Education|Lifestyle|Opinion|Science|Technology

AI-generated images can exploit how your mind works โˆ’ hereโ€™s why they fool you and how to spot them

AI-generated images can exploit how your mind works โˆ’ hereโ€™s why they fool you and how to spot them

Access this article for free.

Already have an account? Sign In