A third of Americans could have had data stolen in big health care hack
Kent Nishimura/Getty Images
UnitedHealth CEO Andrew Witty testifies before the Senate Finance Committee on Capitol Hill in Washington, DC, on May 1, 2024. In February, hackers stole health and personal data of what UnitedHealth says is “potentially a substantial proportion” of patient information from its systems.
CNN
—
A third of Americans may have had their personal data swept up in a February ransomware attack on a UnitedHealth Group subsidiary that disrupted pharmacies across the US, UnitedHealth CEO Andrew Witty estimated in testimony to Congress on Wednesday.
It will likely take “several months” before UnitedHealth is able to identify and notify Americans impacted by the hack because the company is still combing through the stolen data, Witty said in written testimony.
In hours of hearings in the Senate and House Wednesday, Witty apologized to patients and doctors, admitted that hackers broke into the subsidiary through a poorly protected computer server and confirmed that he authorized a $22 million ransom payment to the hackers.
The testimony shows that the scope of what experts consider to be the most significant health care cyberattack in US history is even bigger than previously known. And the hacking incident has led some lawmakers to call for cybersecurity regulations for health care companies.
The February ransomware attack paralyzed computers that Change Healthcare, the UnitedHealth subsidiary, uses to process medical claims across the country. Health providers were cut off from billions of dollars in payments, according to one hospital association, and some health clinics told CNN they were close to running out of money. The Department of Health and Human…
