Two months after hackers broke into Change Healthcare programs stealing after which encrypting firm information, it’s nonetheless unclear what number of People had been impacted by the cyberattack.
Final month, Andrew Witty, the CEO of Change Healthcare’s guardian firm UnitedHealth Group, mentioned that the stolen information embrace the private well being info of “a considerable proportion of individuals in America.”
On Wednesday, throughout a Home listening to, when Witty was pushed to provide a extra definitive reply, testifying that the breach impacted “I feel, possibly a 3rd [of Americans] or someplace of that degree.”
Witty mentioned he was reluctant to provide a extra exact reply as a result of the corporate continues to be investigating the breach and attempting to determine precisely how many individuals had been affected.
UnitedHealth’s spokesperson Anthony Marusic didn’t instantly reply to a request for touch upon Witty’s estimate.
Throughout a listening to within the Senate earlier on Wednesday, Witty mentioned that it’ll doubtless take “a number of months,” earlier than the corporate can start notifying victims of the data breach.
In a written assertion filed by Witty forward of the 2 hearings, the CEO wrote that “to this point, we now have not seen proof of exfiltration of supplies akin to docs’ charts or full medical histories among the many information.”
Based on Witty’s testimony, the hackers “used compromised credentials to remotely entry a Change Healthcare Citrix portal,” which was not protected by multi-factor authentication, a primary cybersecurity measure that provides an additional step to log into accounts and programs.
Had that portal had multi-factor authentication enabled, the breach might not have occurred. A number of Senators grilled Witty on that failure, asking him whether or not UnitedHealth and Change Healthcare programs are actually protected with multi-factor authentication.
The Home listening to is underway as of this writing, and we are going to replace this story as extra info turns into out there.
