United HealthCare Breached: Suspicious Activity Leads to Data Exposure

Data breaches are increasing drastically, and nothing seems to be slowing them down. In fact, legal action is starting to be taken against the breached companies. So, on top of being hit, they’re also being sued. Speaking of “hit,” a new breach managed to reach United HealthCare’s systems.

UHC Data Breach

The huge insurance company is the latest victim of these outrageous data breaches, and a lot is on the line. Unfortunately, sensitive information belonging to the company’s customers has been siphoned.

United HealthCare managed to contact the affected members through email. But the question is: What happened? What information was harvested? We’ll answer everything in the following article.

The UHC Breach – Sensitive Data Out in the Open

As we always say, the bigger the company, the more beneficial it is for cybercriminals. It’s just how it works.

A while ago, the likes of Capita and Hyundai suffered the same fate, where cybercriminals managed to infiltrate their systems and exfiltrate customer information.

These are big companies, which means that the threat actors can and will gain a lot from such data. Like so many breaches before it, United HealthCare’s attention was piqued by suspicious activity within its UHC mobile applications. This was clearly mentioned in the company’s statement:

“‘Suspicious activity’ was noticed on the UHC mobile application that may have led to the disclosure of member information.”

This data is considered very sensitive, as it includes all sorts of identifying information about United HealthCare customers:

  • First and last names
  • Health insurance member ID numbers
  • Dates of birth
  • Addresses
  • Dates of service
  • Provider names
  • Claim information
  • Group names and numbers

While the aforementioned information is more than enough for any threat actor to perform future attacks, the company’s report clearly states that no Social Security or driver’s license numbers were compromised:

“This incident did not involve the disclosure of Social Security numbers or driver’s license numbers.”

The breach is definitely impactful, and UHC clearly knows that. Based on the official statement, the breach seems to have occurred between February 19 and February 25.

However, not until April 10th did the company learn that customer data was impacted. UHC also implemented necessary precautions on the spot:

“Upon discovery, the company took prompt action to investigate the matter. The portal account for members was locked to prevent any further access and we initiated a forced password reset.

Through our investigation we determined that the application was the target of a credential stuffing attack.

We have no evidence that member login credentials used during the attack were accessed or obtained from any UnitedHealthcare system.

The company regrets this incident and any inconvenience or concern it may cause.”

As compensation, the insurance company is offering all affected customers two years of LifeLock Identity Theft Protection Services.

At least, with this, if anyone detects that their personal information is being misused, they can try to do something about it.

The United HealthCare Breach – Another Attack, Another Risk

The breach took place 2 months ago, but the company didn’t figure out its impact until it was too late. For a long time, member information was impacted, and no one did anything about it.

With such data out in the open, threat actors can proceed with several malicious activities, including ransomware and phishing attacks.

If you’re one of the impacted individuals, we recommend you remain vigilant regarding any email you may get from the company. You never know who’s at the other end.
