Photo: Andrew Brookes/Getty images

照片：安德鲁·布鲁克斯/盖蒂图片社

UnitedHealth Group has admitted it paid a ransom to the Change Healthcare cyberattackers to protect patient information.

联合健康集团（UnitedHealth Group）承认，它向Change Healthcare网络攻击者支付了赎金，以保护患者信息。

'A ransom was paid as part of the company's commitment to do all it could to protect patient data from disclosure,' UnitedHealth Group said by statement on Monday.

联合健康集团（UnitedHealth Group）周一发表声明称，支付赎金是该公司承诺尽一切努力保护患者数据不被披露的一部分。

The company did not disclose the amount paid.

该公司没有透露支付的金额。

WHY THIS MATTERS

为什么这很重要

The company has also confirmed that files containing personal information were compromised in the breach, according to CNBC.

据CNBC报道，该公司还证实，包含个人信息的文件在违规行为中被泄露。

UnitedHealth Group, along with leading external industry experts, continues to monitor the internet and dark web to determine if data has been published, according to a status update published on Monday. There were 22 screenshots, allegedly from exfiltrated files, some containing personal health information and personally identifiable information, posted for about a week on the dark web by a malicious threat actor, UnitedHealth said. .

周一发布的最新情况显示，联合健康集团（UnitedHealth Group）与领先的外部行业专家一起，继续监控互联网和黑暗网络，以确定数据是否已发布。联合健康组织（UnitedHealth）表示，一名恶意威胁行为人在黑暗网络上发布了大约一周的22张截图，据称是从渗出的文件中截取的，其中一些包含个人健康信息和个人身份信息。。

'No further publication of PHI or PII has occurred at this time,' the company said.

该公司说，目前没有进一步公布PHI或PII。

'Given the ongoing nature and complexity of the data review, it is likely to take several months of continued analysis before enough information will be available to identify and notify impacted customers and individuals. As the company continues to work with leading industry experts to analyze data involved in this cyberattack, it is immediately providing support and robust protections rather than waiting until the conclusion of the data review,' UnitedHealth said..

“鉴于数据审查的持续性质和复杂性，可能需要几个月的持续分析才能获得足够的信息来识别和通知受影响的客户和个人。联合健康（UnitedHealth）表示，随着该公司继续与业界领先专家合作，分析此次网络攻击所涉及的数据，它将立即提供支持和强有力的保护，而不是等到数据审查结束。。

Based on initial targeted data sampling to date, the company has found files containing protected health information or personally identifiable information which could cover a substantial proportion of people in America, the company said. To date, it has not seen evidence of exfiltration of materials such as doctors' charts or full medical histories among the data, UnitedHealth said..

该公司表示，根据迄今为止的初步目标数据抽样，该公司发现了包含受保护的健康信息或个人识别信息的文件，这些信息可能涵盖美国大部分人口。联合健康组织（UnitedHealth）表示，迄今为止，还没有证据表明数据中有医生图表或完整病史等材料被过滤。。

'While this comprehensive data analysis is conducted, the company is in communication with law enforcement and regulators and will provide appropriate notifications when the company can confirm the information involved,' the status report said. 'This is not an official breach notification. The company will reach out to stakeholders when there is sufficient information for notifications and will be transparent with the process.'.

“在进行全面数据分析的同时， 该公司正在与 状态报告说，当公司能够确认所涉及的信息时，将向执法部门和监管机构发出适当的通知这不是正式的违约通知。当有足够的信息用于通知时，公司将与利益相关者联系，并将在流程中保持透明。”。

The company has announced support for people who may be concerned about their personal data potentially being impacted based on preliminary findings from the ongoing investigation and review of the data involved.

根据正在进行的调查和对所涉及数据的审查的初步结果，该公司宣布支持那些可能担心其个人数据可能受到影响的人。

'We know this attack has caused concern and been disruptive for consumers and providers and we are committed to doing everything possible to help and provide support to anyone who may need it,' Witty said by statement.

Witty在声明中说：“我们知道这次袭击引起了消费者和提供商的关注，并对他们造成了破坏，我们承诺尽一切可能帮助和支持任何可能需要它的人。”。

People are asked to visit a dedicated website for more information or call 1-866-262-5342.

人们被要求访问一个专门的网站以获取更多信息，或者致电1-866-262-5342。

THE LARGER TREND

更大的趋势

UnitedHealth Group's CEO Andrew Witty is expected to testify before a House committee in May about the ransomware attack, according to The Record. During a hearing last week on the cyberattack by the House Subcommittee on Health, at least two representatives called out UnitedHealth Group for not making anyone available..

据记录，联合健康集团（UnitedHealth Group）首席执行官安德鲁·维蒂（AndrewWitty）预计将于5月份就勒索软件袭击事件在众议院委员会作证。在上周众议院健康小组委员会就网络攻击举行的听证会上，至少有两名代表呼吁联合健康组织（UnitedHealth Group）不要提供任何人。。

In March, Reuters reported that UnitedHealth Group paid $22 million to recover access to data and systems encrypted by the Blackcat ransomware gang.

3月，路透社报道，联合健康集团（UnitedHealth Group）支付了2200万美元，以恢复对黑猫勒索软件团伙加密的数据和系统的访问。

Change Healthcare, which is owned by Optum, a subsidiary of UnitedHealth Group, discovered it was hit by a cyberattack on February 21. The company shut down its systems, which affected claims payments to hospitals and physicians groups nationwide.

联合健康集团（UnitedHealth Group）子公司Optum旗下的Change Healthcare于2月21日发现遭到网络攻击。该公司关闭了其系统，这影响了向全国医院和医生团体支付的索赔。

While Change has been reestablishing connectivity, provider revenue continues to be impacted by delays in submitting and receiving payment.

虽然变化已经重新建立了连接，但提供商的收入仍然受到提交和接收付款延迟的影响。

UnitedHealth said in its status update it has made 'strong progress' in restoring Change services.

联合健康组织（UnitedHealth）在其状态更新中表示，它在恢复变革服务方面取得了“重大进展”。

Email the writer: SMorse@himss.org

给作者发电子邮件：SMorse@himss.org