Omar Marques | Lightrocket | Getty Images
UnitedHealth Community CEO Andrew Witty on Wednesday told lawmakers that records from an estimated one-third of Americans would possibly own been compromised in the cyberattack on its subsidiary Commerce Healthcare, and that the corporate paid a $22 million ransom to hackers.
Witty testified in front of the Subcommittee on Oversight and Investigations, which falls below the House of Representatives’ Committee on Energy and Commerce. He acknowledged the investigation into the breach is smooth ongoing, so the staunch quantity of individuals affected remains unknown. The one-third figure is a rough estimate.
UnitedHealth has beforehand acknowledged the cyberattack likely impacts a “tall percentage of individuals in The United States,” per an April free up. The company confirmed that recordsdata containing protected smartly being data and individually identifiable data were compromised in the breach.
This would possibly perchance likely be months earlier than UnitedHealth is in a train to relate individuals, given the “complexity of the records review,” the free up acknowledged. The company is offering free access to identification theft protection and credit ranking monitoring for individuals smitten by their records.
Witty moreover testified in front of the U.S. Senate Committee on Finance on Wednesday, when he confirmed for the predominant time that the corporate paid a $22 million ransom to the hackers that breached Commerce Healthcare. At the listening to earlier than the House legislators later that afternoon, Witty acknowledged the cost used to be made in bitcoin.
UnitedHealth disclosed that a cyberthreat actor breached segment of Commerce Healthcare’s data technology community dull in February. The company disconnected the affected systems when the risk used to be detected, and the disruption has caused long-established fallout all the device during the U.S. smartly being-care sector.
Witty told the subcommittee in his written testimony that the cyberattackers worn “compromised credentials” to infiltrate Commerce Healthcare’s systems on Feb. 12 and deployed a ransomware that encrypted the community nine days later.
The portal that the unfavourable actors in the starting up accessed used to be now not protected by multifactor authentication, or MFA, which requires customers to match their identities in on the least two varied suggestions.
Witty told both committees Wednesday that UnitedHealth now has MFA in region all the device through all exterior-going through systems.
Don’t trip away out these exclusives from CNBC PRO
