United HealthCare CEO says ‘maybe a third’ of U.S. citizens were affected by recent hack

Date:


Two months after hackers broke into Change Healthcare systems stealing and then encrypting company data, it’s still unclear how many Americans were impacted by the cyberattack.

Last month, Andrew Witty, the CEO of Change Healthcare’s parent company UnitedHealth Group, said that the stolen files include the personal health information of “a substantial proportion of people in America.”

On Wednesday, during a House hearing, when Witty was pushed to give a more definitive answer, testifying that the breach impacted “I think, maybe a third [of Americans] or somewhere of that level.”

Contact Us

Do you have more information about the Change Healthcare ransomware attack? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase and Wire @lorenzofb, or email. You also can contact TechCrunch via SecureDrop.

Witty said he was reluctant to give a more precise answer because the company is still investigating the breach and trying to figure out exactly how many people were affected.

UnitedHealth’s spokesperson Anthony Marusic did not immediately respond to a request for comment on Witty’s estimate.

During a hearing in the Senate earlier on Wednesday, Witty said that it will likely take “several months,” before the company can begin notifying victims of the data breach.

In a written statement filed by Witty ahead of the two hearings, the CEO wrote that “so far, we have not seen evidence of exfiltration of materials such as doctors’ charts or full medical histories among the data.”

According to Witty’s testimony, the hackers “used compromised credentials to remotely access a Change Healthcare Citrix portal,” which was not protected by multi-factor authentication, a basic cybersecurity measure that adds an extra step to log into accounts and systems.

Had that portal had multi-factor authentication enabled, the breach may not have happened. Several Senators grilled Witty on that failure, asking him whether UnitedHealth and Change Healthcare systems are now protected with multi-factor authentication.

During the Senate hearing, Witty said: “We have an enforced policy across the organization to have multi factor authentication on all of our external systems, which is in place.”

The House hearing is underway as of this writing, and we will update this story as more information becomes available.



Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Share post:

Subscribe

spot_imgspot_img

Popular

More like this
Related

Creative & Unique Gift Ideas (They Don’t Already Have)

I’ve shared my holiday gift guide, but many...

The Sky This Week from November 22 to 29, 2024

Friday, November 22Last Quarter Moon occurs at 8:28...

Uranus may not have a weird magnetic field after all

Back to Article List A blast of solar radiation...

How Comet ATLAS fizzled out

This image of C/2024 S1 (ATLAS) was taken...