UnitedHealth Group Inc., the largest health insurer in the U.S., today disclosed that it’s investigating a potential leak of internal data from its Change Healthcare unit.

The suspected leak is linked to a cyberattack that the division experienced earlier this year. The incident saw a ransomware gang access six terabytes of Change Healthcare data including some patient records. On Monday, reports emerged that the hackers have posted some of the stolen information on the public web.

“We are working with law enforcement and outside experts to investigate claims posted online to understand the extent of potentially impacted data,” UnitedHealth stated today. “Our investigation remains active and ongoing.”

The company’s Change Healthcare unit provides software that healthcare organizations use to bill patients, process medical claims and perform related tasks. On Feb. 21, UnitedHealth disclosed that the division experienced a cyberattack. The company isolated the compromised systems to limit the scope of the breach, which left dozens of Change Healthcare services unavailable.

The outage disrupted the accounting activities of numerous clinics and pharmacies throughout the U.S. Some of the affected Change Healthcare services took weeks to restore. In an update today, UnitedHealth disclosed that it has disbursed more than $6 billion worth of advance funding and interest-free loans over the past two months to support affected customers.

The breach was carried out by a ransomware gang known as ALPHV and BlackCat. The group doesn’t launch hacking campaigns on its own, but rather provides ransomware to so-called affiliates that use it to launch cyberattacks. It’s believed the Change Healthcare breach was carried out by an affiliate called Notchy.

On Monday, a third ransomware gang called RansomHub leaked screenshots of files that appeared to have been stolen in the Change Healthcare breach. It’s believed the gang obtained the files from Notchy. The leaked records reportedly include some patients’ financial information, as well as other documents including data sharing agreements that Change Healthcare has inked with a major insurers.

Parent UnitedHealth released its first-quarter financial results today. Besides announcing that it’s investigating the reported leak, it revealed that it spent $872 million during the three months ended March 31 to mitigate the breach.

The company detailed that “direct response efforts” accounted for about two thirds of the incident’s cost. It attributed the remaining expenses to lost revenue and system maintenance activities. UnitedHealth estimates that the total cost of the breach could nearly double to $1.6 billion by year’s end. 

Image: UnitedHealth