UnitedHealth Group has confirmed that data has been compromised due to the Feb. 21 cyberattack on its subsidiary Change Healthcare.
In a March 27 update on its website, UnitedHealth stated that it is working with a vendor to begin analyzing the types of data that could have been compromised as a result of the breach on Change Healthcare.
"To be clear, we are still determining the content of the data that was taken by the threat actor, including any PHI/PII," the update reads. "This is taking time because Change Healthcare's own systems were impacted by the event and difficult to access."
UnitedHealth said it has no evidence that any of the compromised data has been published on the web but that it "will be offering to do the notification work for customers where permitted" if their data has been compromised.