During a Congress earlier this month, UnitedHealth Group CEO Andrew Witty reported that roughly one-third of Americans may have had their data swept up in the February cyber attack, which affected pharmacies within the US. He also stated that the company paid a ransom of $22 million to hackers using Bitcoin.
When the CEO testified, he said, “It will likely take “several months” before UnitedHealth is able to identify and notify Americans impacted by the hack because the company is still combing through the stolen data.” However, the investigation is still ongoing. Witty apologized to the patients and doctors for not properly protecting their computer servers.
More Details on the Cyberattack
According to UnitedHealth, a cyber threat actor breached part of Change Healthcare’s data technology network on February 21, which the company uses to exchange data between healthcare providers. When the company detected the threat, it disconnected the affected systems, which caused a widespread fallout within the healthcare sector in the United States.
Also, due to the breach, various healthcare providers couldn’t receive payments from the government due to delays or missing payments. Some providers even stated that they were at risk of being unable to provide medical services to patients due to a lack of funds.
ALSO READ: FBI Warns Against Russian Hackers Launching Stealthy Cyberattacks in the US
The Department of Health and Human Services is investigating UnitedHealth to confirm whether it followed the federal law protecting patient data. The CEO of UnitedHealth has promoted the company’s recovery by getting insurance and rebuilding computer systems to almost normal levels.
Lawmakers Further Questions the UnitedHealth Group
Various lawmakers asked UnitedHealth and Change Healthcare how they couldn’t prevent the attack, knowing that they process close to 15 billion healthcare transactions yearly. Sen. Marsha Blackburn told Witty, “Your revenues are bigger than some countries’ GDP.”
“And how in heaven’s name did you not have the necessary redundancies so that you did not experience this attack and find yourself so vulnerable?” The company said that the hack was done by a group called ALPHV, or BlackCat.
The same group has attacked various individuals around the world. Whenever a ransom is requested after a cyberattack, the FBI warns against paying it because it can open one up to more attacks. However, UnitedHealth paid a multi-dollar ransom to attackers to get their system active again and recover stolen data.
ALSO READ: iPhone Spyware Attack Affects 92 Countries, Apple Notifies Users
Aside from trying to recover stolen data, UnitedHealth said that they had to pay the ransom to show the company’s commitment to protect patients’ information from being disclosed. These statements by UnitedHealth weren’t enough to get the lawmakers away from them.
Instead, the lawmakers made it clear that they’d keep pressuring the company till they found out which of the personal health data of victims were being accessed.
The UnitedHealth Group Takes Steps To Protect Personal Data
Sen. Ron Wyden complained that United States citizens are still being kept in the dark, as they have no idea how much of their personal data was stolen. However, Andrew Witty told the subcommittee that the portal that the attackers accessed wasn’t secured using MFA or a multi-factor authenticator.
This security method always requires users to verify their identities using two different methods before they can access any information. Currently, UnitedHealth has placed MFA across external systems.
Medicare Isn’t Safe Either
It looks like not only the healthcare sector is being attacked; even the federal, state, and local governments have had their fair share of cyberattacks. As of July last year, the Medicare and Medicaid Services centers announced that they experienced a data breach that affected the records of 2.3 million inheritors.
The software that was hacked is Move it Transfer. The attack affected over 10 million people across over 2,000 companies, universities, and governments. According to federal investigators, the ransomware group known as Coop found a vulnerability in the software program that they used to launch a wide range of attacks.
Riggi said, “Through that one vulnerability across government and all types of private sector industries, including health care, they were able to access millions and millions of health care records.”
You Might Also Like:
Nevada Governor Ignites Feud After Sending Letter to Newsom About Gas Price Concerns
What’s Behind Lupita Nyong’o’s Red Carpet Feline Friend
Cillian Murphy’s Two Sons Mirror Dad’s Signature Style, One Following His Path
The Reasons Behind Donald Trump’s $9,000 Fine in New York Trial
Sukihana Breaks Silence on Recent Charges and Sends Message to Critics Following Florida Arrest