Two months after hackers broke into Change Healthcare systems stealing and then encrypting company data, it’s still unclear how many Americans were impacted by the cyberattack.

Last month, Andrew Witty, the CEO of Change Healthcare’s parent company UnitedHealth Group, said that the stolen files include the personal health information of “a substantial proportion of people in America.”

On Wednesday, during a House hearing, when Witty was pushed to give a more definitive answer, testifying that the breach impacted “I think, maybe a third [of Americans] or somewhere of that level.”

Witty said he was reluctant to give a more precise answer because the company is still investigating the breach and trying to figure out exactly how many people were affected.

UnitedHealth’s spokesperson Anthony Marusic did not immediately respond to a request for comment on Witty’s estimate.

During a hearing in the Senate earlier on Wednesday, Witty said that it will likely take “several months,” before the company can begin notifying victims of the data breach.

In a written statement filed by Witty ahead of the two hearings, the CEO wrote that “so far, we have not seen evidence of exfiltration of materials such as doctors’ charts or full medical histories among the data.”

According to Witty’s testimony, the hackers “used compromised credentials to remotely access a Change Healthcare Citrix portal,” which was not protected by multi-factor authentication, a basic cybersecurity measure that adds an extra step to log into accounts and systems.

Had that portal had multi-factor authentication enabled, the breach may not have happened. Several Senators grilled Witty on that failure, asking him whether UnitedHealth and Change Healthcare systems are now protected with multi-factor authentication.

During the Senate hearing, Witty said: “We have an enforced policy across the organization to have multi factor authentication on all of our external systems, which is in place.”

The House hearing is underway as of this writing, and we will update this story as more information becomes available.

READ ALSO  Bitcoin Miners Brace for the ‘Halving’—and Race to Cash In - Return Sports

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *