April 22 (Reuters) -
UnitedHealth Group said on Monday that hackers stole
health and personal data of potentially a "substantial
proportion" of Americans from its systems in February, as the
largest U.S. health insurer scrambles to contain the damage.
The intrusion at its Change Healthcare unit, which
processes about 50% of U.S. medical claims, was one of the worst
hacks to hit American healthcare and caused
widespread disruption in payment to doctors and health
facilities.
The disclosure suggests patients' healthcare information
remains vulnerable. An initial review of the compromised data
showed files with protected health information or personally
identifiable information "which could cover a substantial
proportion of people in America," the company said in a
statement on its website.
That theft on Feb. 21 occurred despite a ransom payment.
"A ransom was paid as part of the company's commitment
to do all it could to protect patient data from disclosure,"
UnitedHealth Chief Executive Andrew Witty told CNBC on Monday.
"This attack was conducted by malicious threat actors,
and we continue to work with the law enforcement and multiple
leading cybersecurity firms during our investigation."
Hackers usually seek sensitive data such as patient
records, medical histories, or treatment plans for use in
further criminal acts or ransom demands in such breaches.
While a full analysis of the breached data would take
"several months," there is no evidence to suggest that doctors'
charts or full medical histories of individuals were stolen,
UnitedHealth said. It did not say exactly how many people's data
was stolen, but that it was monitoring online forums where
hackers tend to leak or trade such data packets.
The cybercriminal gang behind the breach, known as AlphV
or BlackCat, has not responded to multiple requests for comment.
Another hacker group posted 22 screenshots on the dark
web for about a week, some of which contained UnitedHealth
customers' protected healthcare and personal data, the company
said, adding it was unaware of any other leaks at this time.
That group, which calls itself Ransomhub, told Reuters earlier
that a disgruntled affiliate of Blackcat had given it the data.
Soon after the hack came to light in February, Blackcat
said on its website it had stolen 8 terabytes of sensitive
records from Change Healthcare - only to later delete that
statement without explanation.
"We know this attack has caused concern and been
disruptive for consumers and providers and we are committed to
doing everything possible to help and provide support to anyone
who may need it," UnitedHealth CEO Witty said in the company
post.