Two months after hackers broke into Change Healthcare's systems, stole and encrypted company data, it's still unclear how many Americans were affected by the cyberattack.
Andrew Whitty, CEO of UnitedHealth Group, Change Healthcare's parent company, said last month that the stolen files contained personal health information of “a significant percentage of people in the United States.” Ta.
When Whitty was pressed for a more definitive answer during a House hearing on Wednesday, he testified that the breach “impacted probably a third of us.” [of Americans] Or somewhere on that level. ”
Whitty said he was reluctant to give a more precise answer because the company is still investigating the breach and trying to figure out exactly how many people were affected.
UnitedHealth spokesman Anthony Marusic did not immediately respond to a request for comment on Whitty's estimates.
Whitty said at a Senate hearing earlier Wednesday that it would likely be “several months” before the company begins notifying victims of data breaches.
In a written statement provided by Whitty ahead of the two hearings, the CEO said, “To date, we have not seen any evidence that materials such as doctor charts or complete medical histories were compromised in the data.'' No,” he said.
According to Witty's testimony, the hackers “used compromised credentials to remotely access the Change Healthcare Citrix portal,” but multi-factor authentication is an additional step to log into accounts and systems. were not protected by multi-factor authentication, which is a basic cybersecurity measure that adds
If multi-factor authentication had been enabled on that portal, the breach may not have occurred. Several senators slammed Whitty for the failure, asking whether UnitedHealth and Change Healthcare's systems are currently secured with multi-factor authentication.
At a Senate hearing, Whitty said: “We have an organization-wide policy of implementing multi-factor authentication on all external systems, and that is in place.”
As of this writing, the House hearing is ongoing and we will update this article as more information becomes available.