The health insurance provider UnitedHealthcare announced on Friday that personal information from UnitedHealthcare accounts in Maryland may have been acquired by a cyberattack.
According to UnitedHealthcare, the unusual behavior on the mobile app took place between February 19 and February 25 and was a credential-stuffing attack.
A credential stuffing assault is an attack in which hackers use names and passwords acquired from prior breaches to “stuff” login combinations into accounts until they discover a match.
On April 10th, the organization came to the conclusion that personally identifiable information may have been shared.
Members who have inquiries should call the toll-free number 800-669-1812 between Monday and Friday.
The firm has stated that it does not have any evidence to suggest that the login credentials of any UnitedHealthcare members were accessed or taken from any of the organization’s systems during the assault. Since then, it has disabled access to any member accounts that could have been hacked.
On Friday, UnitedHealthcare mailed a warning to certain account holders informing them that suspicious behavior on the company’s mobile app may have resulted in the disclosure of members’ personal information.
This information may include first and last names, dates of birth, addresses, dates of service, names of providers, claim information, and names and numbers of insurance groups. It may also include health insurance member ID numbers. According to the statement made by the corporation, no driver’s license or Social Security data were obtained.
According to a statement made by a director of communications for UnitedHealthcare on Sunday, less than one thousand customer accounts may have had their personal information exposed. There are 850,000 people enrolled in UnitedHealthcare in the state.
“The company regrets this incident and any inconvenience or concern it may cause,” UnitedHealthcare stated in a statement. “The company regrets this incident.” To assist members in determining whether or not their personal information has been misused, the organization is providing free identity theft protection services from LifeLock for a period of two years.