US insurance giant United HealthCare admits data breach impacted customers' personal information

American health insurance giant United HealthCare says it suffered a credential stuffing attack in February which enabled threat actors to access the sensitive personal information of its customers.

According to CBS News, the insurance provider identified suspicious activity in its mobile application, following which it investigated the issue and determined that the application was impacted by a credential-stuffing attack between February 19 and 25 this year.

On April 10, the insurance giant said that some of its customers’ information may have been accessed by threat actors. Information accessed by the threat actors includes customers’ full names, health insurance member identification numbers, dates of birth, addresses, dates of service, provider names, claim information, and group names and numbers.

The company confirmed in a statement that “this incident did not involve the disclosure of Social Security numbers or driver’s license numbers.”

“Upon discovery, the company took prompt action to investigate the matter. The portal account for members was locked to prevent any further access and we initiated a forced password reset,” UHC said.

“Through our investigation, we determined that the application was the target of a credential stuffing attack. We have no evidence that member login credentials used during the attack were accessed or obtained from any UnitedHealthcare system.”

United HealthCare has started contacting all affected individuals whose personal data may have been accessed in the security incident. The company is also providing two years of complimentary theft protection and credit monitoring services to all affected individuals.

Last month, US medical services provider Shields Health Care Group (SHCG) disclosed a data breach that compromised the sensitive personal information of more than 2.3 million people. In a letter sent to affected individuals, SHCG said that on March 28, 2022, it identified suspicious activity in its internal network and immediately launched an investigation with assistance from third-party cyber security experts to understand the nature and scope of the security incident.

The investigation concluded that threat actors had access to Shields Health Care’s internal systems between March 7, 2022, and March 21, 2022, and had compromised the personal information of its patients including social security numbers, dates of birth, home addresses, provider information, diagnosis, billing information, insurance numbers and information, medical record numbers, patient IDs, and other medical or treatment information.