DENVER, Colo. (KRDO) – UnitedHealthcare (UHC) is alerting individuals enrolled in its health plans about suspicious activity on its mobile app that may have led to the release of member information.
UHC says the activity occurred between February 19, 2023 and February 25, 2023 and it was determined on April 10, that some personal information may have been impacted by this incident.
The company says information that may have been obtained may include:
- First and Last Name
- ID Number
- Date of Birth and Address
- Date(s) of Service
- Provider Name(s) and Claim Information
- Insurance Group Name and Number
The breach did not include sensitive information such as Social Security numbers or driver’s license numbers.
UHC says individuals should receive a notice in the mail about this incident starting April 28.
Upon further investigation, the company stated the portal account for members was locked to prevent any further access and determined the app was the target of a credential stuffing attack.
There was no evidence indicating that member login credentials used during the attack were accessed or obtained from any UHC system.
UHC says it regrets this indent and any inconvenience it may have caused.
As a precaution to help members detect any misuse of personal information, the company says it is offering two years of free “LifeLock Identity Theft Protection Services” for victims of identity theft.
If you have any questions regarding this incident you can call (800)-669-1812.