2 weeks ago
1 of 3 | UnitedHealth Group CEO Andrew Witty said there's nary grounds truthful acold that patients' aesculapian and individual accusation was accessed earlier nan Senate Finance Committee proceeding "to analyse hacking America's wellness care, focusing connected assessing nan Change Healthcare cyber onslaught and what's next" astatine nan Dirksen Senate agency building successful Washington, D.C., connected Wednesday. Photo by Annabelle Gordon/UPI | License Photo
May 1 (UPI) -- No grounds suggests patients' aesculapian histories and individual information were accessed during a February ransomware attack, UnitedHealth Group CEO Andrew Witty told nan Senate Finance Committee Wednesday.
Sen. Ron Wyden, D-Ore., chairs and led nan committee hearing regarding nan imaginable severity of nan ransomware onslaught connected Change Healthcare, which is simply a subsidiary of Minnesota-based UnitedHealth Group.
Wyden said UnitedHealth Group generated $324 cardinal successful gross successful 2023, which makes it nan nation's fifth-largest company.
He said UnitedHealth Group "touches 152 cardinal individuals" crossed each of its business lines, including insurance, aesculapian practices, location healthcare and drugstore services.
Wyden said UnitedHealth Group has purchased dozens of different healthcare companies and is nan nation's largest purchaser of expert practices.
"This corp is simply a healthcare leviathan," he said. "The bigger nan company, nan bigger nan work to protect its systems from hackers."
The FBI says nan nation's healthcare manufacture is nan apical target for ransomware, and Change Healthcare annually processes astir 15 cardinal healthcare transactions, Witty said.
Those records relationship for astir a 3rd of nan nation's diligent records and see accusation of people's "sensitive diagnoses,treatments and aesculapian histories that uncover everything from abortions to intelligence wellness disorders," Wyden said.
Data connected galore subject unit are among those records, which Wyden said is simply a "clear nationalist information threat."
Witty addressed nan committee and its concerns regarding nan imaginable breach of individuals' individual and backstage aesculapian wellness data.
"Our consequence to this onslaught has been grounded successful 3 principles," Witty told nan committee, "to unafraid nan systems, to guarantee diligent entree to attraction and medication, and to assistance providers pinch their financial needs."
Witty said cyber experts proceed to analyse nan onslaught that occurred connected Feb. 21 erstwhile cyber criminals breached a Change Healthcare portal, removed information and deployed ransomware.
He said nan portal wasn't protected by multi-factor authentication.
"To incorporate infection, we instantly severed connectivity and secured nan perimeter of nan onslaught to forestall malware from spreading," Witty said. "It worked. There is nary grounds of dispersed beyond Change Healthcare."
He said firm officials past contacted nan FBI and proceed to stock accusation pinch national investigators to thief bring nan perpetrators to justice.
"My overarching privilege has been to do everything imaginable to protect people's individual wellness information," Witty told nan committee, adding that nan determination to salary a ransom was his.
Witty said thing indicates anyone's doctors charts aliases individual aesculapian histories were accessed during nan ransomware attack, but nan investigation will proceed for respective months.
Identifying and notifying group whose wellness and individual accusation was accessed during nan cyberattack won't beryllium imaginable until nan investigation is completed, he said, because nan files containing that accusation were compromised successful nan attack.
Witty told nan committee UnitedHealth Group is existent connected each costs processing, has waived costs deadlines and is consenting to compensate those negatively impacted by nan ransomware onslaught arsenic needed.
Witty said UnitedHealth Group is providing concerned customers pinch free in installments monitoring and personality theft protection for 2 years and support services.
Concerned individuals besides tin sojourn ChangeCyberSupport.com to study much astir nan disposable services.
They besides tin telephone 866-262-5342 to motion up for nan free in installments monitoring and personality theft protections.
UnitedHealth Group officials successful April announced nan wellness security and services supplier paid an undisclosed ransom to protect patients' information pursuing a ransomware onslaught connected its Change Healthcare exertion company.
UnitedHealth Group officials successful February identified nan BlackCat ransomware gang arsenic nan 1 that committed nan cyberattack.
Federal rule enforcement opened an investigation into nan matter successful March.
TWIW gallery
