Two months after hackers broke into Change Healthcare systems stealing after which encrypting firm knowledge, it’s nonetheless unclear what number of Individuals have been impacted by the cyberattack.
Final month, Andrew Witty, the CEO of Change Healthcare’s guardian firm UnitedHealth Group, said that the stolen files include the personal health information of “a considerable proportion of individuals in America.”
On Wednesday, throughout a Home listening to, when Witty was pushed to present a extra definitive reply, testifying that the breach impacted “I feel, perhaps a 3rd [of Americans] or someplace of that degree.”
Witty mentioned he was reluctant to present a extra exact reply as a result of the corporate continues to be investigating the breach and attempting to determine precisely how many individuals have been affected.
UnitedHealth’s spokesperson Anthony Marusic didn’t instantly reply to a request for touch upon Witty’s estimate.
During a hearing in the Senate earlier on Wednesday, Witty mentioned that it’s going to seemingly take “a number of months,” earlier than the corporate can start notifying victims of the information breach.
In a written assertion filed by Witty forward of the 2 hearings, the CEO wrote that “to date, we now have not seen proof of exfiltration of supplies corresponding to medical doctors’ charts or full medical histories among the many knowledge.”
According to Witty’s testimony, the hackers “used compromised credentials to remotely entry a Change Healthcare Citrix portal,” which was not protected by multi-factor authentication, a primary cybersecurity measure that provides an additional step to log into accounts and methods.
Had that portal had multi-factor authentication enabled, the breach might not have occurred. A number of Senators grilled Witty on that failure, asking him whether or not UnitedHealth and Change Healthcare methods are actually protected with multi-factor authentication.
During the Senate hearing, Witty mentioned: “We’ve an enforced coverage throughout the group to have multi issue authentication on all of our exterior methods, which is in place.”
The Home listening to is underway as of this writing, and we’ll replace this story as extra info turns into out there.
