UnitedHealth Group CEO Andrew Witty disclosed on Wednesday in Congressional testimony that the recent cyberattack on Change Healthcare, a subsidiary of UnitedHealth, might have compromised the data of roughly one-third of Americans.
Witty addressed both the House of Representatives’ Subcommittee on Oversight and Investigations and the Senate Committee on Finance, providing updates on the ongoing investigation into the cyberattack.
He estimated that data belonging to a substantial portion of the U.S. population could be at risk, although he noted that the exact number of affected individuals is still being determined. The CEO highlighted that the breach involved protected health information and personally identifiable information, which were compromised.
During his testimonies, Witty also confirmed for the first time that UnitedHealth had paid a ransom of $22 million in bitcoin to the hackers responsible for the breach. This payment was made to secure the release of the encrypted data. He pointed out that the investigation is complex and it might take months before the company can notify the individuals potentially impacted by the breach.
The cyberattack was first detected in late February when UnitedHealth noticed unauthorized access to Change Healthcare’s information technology network. The hackers used compromised credentials to access the systems on February 12, and subsequently deployed ransomware that encrypted the network on February 21.
This breach led to widespread disruptions across the U.S. health care sector. Witty noted that the initial portal accessed by the cyberthreat actors lacked multifactor authentication (MFA), a security measure that requires verifying identity in at least two different ways.
Following the breach, UnitedHealth has implemented MFA across all its external-facing systems to enhance security measures and prevent future attacks. Additionally, the company is offering free access to identity theft protection and credit monitoring services for individuals concerned about their data security.
Related News:
Featured Image courtesy of Kent Nishimura/Getty Images