United Healthcare, Optum, and Change Healthcare Involved in Northeast Ohio Neighborhood Health Data Breach
United Healthcare, Optum, and Change Healthcare Involved in Northeast Ohio Neighborhood Health Data Breach
04/24/2024 Marco A. De Felice aka amvinfe
United Healthcare, Optum, and Change Healthcare Involved in Northeast Ohio Neighborhood Health Data Breach 1
Share via:
Twitter
LinkedIn
Another significant data breach looms for United Healthcare (UHC), involving patient documents belonging to its Optum financial assistance program and its subsidiary Change Healthcare.
In recent hours, the ransomware group Medusa has claimed on its website, within Tor networks, the cyberattack on the servers of Northeast Ohio Neighborhood Health (NEON), a company providing healthcare services headquartered in Cleveland, Ohio, and the exfiltration of nearly 51GB of data. Many of these documents refer to PHI and PII of patients associated with health insurance contracts with the United Healthcare Group.
SuspectFile.com has also had the opportunity to review a series of contracts and administrative documents that NEON has entered into with other health insurance companies, providers, organizations providing home care services, childcare agencies, companies developing software for electronic health records, and management systems for the healthcare sector. Among the files exfiltrated by Medusa are financial reports, board reports, and banking documents.
The ransomware cyberattack occurred on April 15th when Medusa gained access to NEON’s computer systems. After exfiltrating 51GB of data from the servers, Medusa proceeded to encrypt the files, and on the blog, the group states the price that NEON will be forced to pay for file deletion, with the ransom amounting to $250,000; the group has set the same price for their sale. NEON has just over 2 days left before their data is sold or made public.
United Healthcare, Optum, and Change Healthcare Involved in Northeast Ohio Neighborhood Health Data Breach 2
Screenshot and redaction by SuspectFile.com
Among the files reviewed, as previously mentioned, there are PHI and PII of patients who have visited the 7 NEON facilities. The eighth facility, HOUGH HEALTH CENTER (as stated on their website), is temporarily closed.
COLLINWOOD HEALTH CENTER
EAST CLEVELAND HEALTH CENTER
SOUTHEAST HEALTH CENTER
SUPERIOR HEALTH CENTER
ST. CLAIR HEALTH CENTER
NORWOOD HEALTH CENTER
MILES/BROADWAY HEALTH CENTER
HOUGH HEALTH CENTER
Below, we provide drafted excerpts of some PHI and PII documents of certain patients that we were able to review. These documents pertain to patients who have health insurance contracts with United Healthcare, Optum, and Change Healthcare.
View Fullscreen
Screenshot and redaction by SuspectFile.com
View Fullscreen
Screenshot and redaction by SuspectFile.com
View Fullscreen
Screenshot and redaction by SuspectFile.com
In the file “NEON UDS Report_20230101_20231231_HIV Prenatal Patients.xlsx” that we were able to review, there are PII data of 14247 female patients.
Patient ID Number
First and Last Name
Date of Birth
Gender
Race
Ethnicity
Most Recent Medical Provider
Most Recent Provider
United Healthcare, Optum, and Change Healthcare Involved in Northeast Ohio Neighborhood Health Data Breach 3
Screenshot and redaction by SuspectFile.com
We can confidently assert that the number of patients affected by the theft of their data is much higher. At the moment, we do not have exact figures to list, but we will update the number of affected patients as soon as we have accurate data.
Within the file “NEON Patient_Roster FINAL.csv”, PII data of 171 patients are listed, all residing in the U.S. state of Ohio.
United Healthcare, Optum, and Change Healthcare Involved in Northeast Ohio Neighborhood Health Data Breach 4
Screenshot and redaction by SuspectFile.com
Another file we reviewed contains PII data of 57 provider physicians. The file is named “United Healthcare roster.xlsx.”
Full Name
Provider NPI (National Provider Identifier)
Specialties
Hospital Affiliations
United Healthcare, Optum, and Change Healthcare Involved in Northeast Ohio Neighborhood Health Data Breach 5
Screenshot and redaction by SuspectFile.com
As of today, we have not found any mention of the data theft suffered by Northeast Ohio Neighborhood Health on their website following the cyberattack in mid-April. This leads us to infer that patients involved may still be unaware of the situation.
We sent a request for comment on the data breach to Northeast Ohio Neighborhood Health. However, we did not receive a response before the article was published.
We will update the article as soon as we are able to provide further details on the case.
04/24/2024 Marco A. De Felice aka amvinfe
United Healthcare, Optum, and Change Healthcare Involved in Northeast Ohio Neighborhood Health Data Breach 1
Share via:
Another significant data breach looms for United Healthcare (UHC), involving patient documents belonging to its Optum financial assistance program and its subsidiary Change Healthcare.
In recent hours, the ransomware group Medusa has claimed on its website, within Tor networks, the cyberattack on the servers of Northeast Ohio Neighborhood Health (NEON), a company providing healthcare services headquartered in Cleveland, Ohio, and the exfiltration of nearly 51GB of data. Many of these documents refer to PHI and PII of patients associated with health insurance contracts with the United Healthcare Group.
SuspectFile.com has also had the opportunity to review a series of contracts and administrative documents that NEON has entered into with other health insurance companies, providers, organizations providing home care services, childcare agencies, companies developing software for electronic health records, and management systems for the healthcare sector. Among the files exfiltrated by Medusa are financial reports, board reports, and banking documents.
The ransomware cyberattack occurred on April 15th when Medusa gained access to NEON’s computer systems. After exfiltrating 51GB of data from the servers, Medusa proceeded to encrypt the files, and on the blog, the group states the price that NEON will be forced to pay for file deletion, with the ransom amounting to $250,000; the group has set the same price for their sale. NEON has just over 2 days left before their data is sold or made public.
United Healthcare, Optum, and Change Healthcare Involved in Northeast Ohio Neighborhood Health Data Breach 2
Screenshot and redaction by SuspectFile.com
Among the files reviewed, as previously mentioned, there are PHI and PII of patients who have visited the 7 NEON facilities. The eighth facility, HOUGH HEALTH CENTER (as stated on their website), is temporarily closed.
COLLINWOOD HEALTH CENTER
EAST CLEVELAND HEALTH CENTER
SOUTHEAST HEALTH CENTER
SUPERIOR HEALTH CENTER
ST. CLAIR HEALTH CENTER
NORWOOD HEALTH CENTER
MILES/BROADWAY HEALTH CENTER
HOUGH HEALTH CENTER
Below, we provide drafted excerpts of some PHI and PII documents of certain patients that we were able to review. These documents pertain to patients who have health insurance contracts with United Healthcare, Optum, and Change Healthcare.
View Fullscreen
Screenshot and redaction by SuspectFile.com
View Fullscreen
Screenshot and redaction by SuspectFile.com
View Fullscreen
Screenshot and redaction by SuspectFile.com
In the file “NEON UDS Report_20230101_20231231_HIV Prenatal Patients.xlsx” that we were able to review, there are PII data of 14247 female patients.
Patient ID Number
First and Last Name
Date of Birth
Gender
Race
Ethnicity
Most Recent Medical Provider
Most Recent Provider
United Healthcare, Optum, and Change Healthcare Involved in Northeast Ohio Neighborhood Health Data Breach 3
Screenshot and redaction by SuspectFile.com
We can confidently assert that the number of patients affected by the theft of their data is much higher. At the moment, we do not have exact figures to list, but we will update the number of affected patients as soon as we have accurate data.
Within the file “NEON Patient_Roster FINAL.csv”, PII data of 171 patients are listed, all residing in the U.S. state of Ohio.
United Healthcare, Optum, and Change Healthcare Involved in Northeast Ohio Neighborhood Health Data Breach 4
Screenshot and redaction by SuspectFile.com
Another file we reviewed contains PII data of 57 provider physicians. The file is named “United Healthcare roster.xlsx.”
Full Name
Provider NPI (National Provider Identifier)
Specialties
Hospital Affiliations
United Healthcare, Optum, and Change Healthcare Involved in Northeast Ohio Neighborhood Health Data Breach 5
Screenshot and redaction by SuspectFile.com
As of today, we have not found any mention of the data theft suffered by Northeast Ohio Neighborhood Health on their website following the cyberattack in mid-April. This leads us to infer that patients involved may still be unaware of the situation.
We sent a request for comment on the data breach to Northeast Ohio Neighborhood Health. However, we did not receive a response before the article was published.
We will update the article as soon as we are able to provide further details on the case.