UnitedHealth Group said it found files containing protected health information and personally identifiable information "which could cover a substantial proportion of people in America" following a massive cybersecurity breach in February.
The company added that it has not seen evidence of "exfiltration of materials such as doctors' charts or full medical histories among the data."
UnitedHealth said that a malicious threat actor posted 22 screenshots from exfiltrated files containing personal or protected health information for about a week on the dark web.
The company said it has been in communication with law enforcement and will try to notify those affected.
"We know this attack has caused concern and been disruptive for consumers and providers, and we are committed to doing everything possible to help and provide support to anyone who may need it," said Andrew Witty, CEO of UnitedHealth Group.
The company said it launched a dedicated website to provide more information. UnitedHealth also said it will provide credit monitoring for those affected for up to two years.
The announcement comes after UnitedHealth said a cyberattack disrupted providers' payments, making it challenging for many pharmacies to bill insurance companies.
On Monday, UnitedHealth said pharmacy services are at 99% pre-incident capacity. The company said medical claims are now flowing at near-normal levels. Payment processing by Change Healthcare is now at 86% of pre-incident levels and is increasing as additional functionality is restored.
