One-third of Americans could be hit by Change Healthcare cyberattack


UnitedHealth Group CEO Andrew Witty on Wednesday told lawmakers that data from an estimated one-third of Americans may have been compromised in the cyberattack on its subsidiary Change Healthcare, and that the company paid a $22 million ransom to hackers.

Witty testified in front of the Subcommittee on Oversight and Investigations, which falls under the House of Representatives’ Committee on Energy and Commerce. He said the investigation into the breach is still ongoing, so the exact number of people affected remains unknown. The one-third figure is a rough estimate.

UnitedHealth has previously said the cyberattack likely impacts a “substantial proportion of individuals in America,” according to an April release. The company confirmed that files containing protected health information and personally identifiable information were compromised in the breach.

It will likely be months before UnitedHealth is able to notify individuals, given the “complexity of the information assessment,” the release said. The company is offering free access to identity theft protection and credit monitoring for individuals concerned about their data.

Witty also testified in front of the U.S. Senate Committee on Finance on Wednesday, when he confirmed for the first time that the company paid a $22 million ransom to the hackers that breached Change Healthcare. At the hearing before the House lawmakers later that afternoon, Witty said the payment was made in bitcoin.

UnitedHealth disclosed that a cyberthreat actor breached part of Change Healthcare’s information technology network late in February. The company disconnected the affected systems when the threat was detected, and the disruption has caused widespread fallout across the U.S. health-care sector.

Witty told the subcommittee in his written testimony that the cyberattackers used “compromised credentials” to infiltrate Change Healthcare’s systems on Feb. 12 and deployed ransomware that encrypted the network nine days later.

The portal that the bad actors initially accessed was not protected by multifactor authentication, or MFA, which requires users to verify their identities in at least two different ways.

Witty told both committees Wednesday that UnitedHealth now has MFA in place across all external-facing systems.
