A third of Americans could have had data stolen in big health care hack

May 1, 2024, 5:40 PM

UnitedHealth CEO Andrew Witty testifies before the Senate Finance Committee on Capitol Hill in Wash...

UnitedHealth CEO Andrew Witty testifies before the Senate Finance Committee on Capitol Hill in Washington, DC, on May 1, 2024. In February, hackers stole health and personal data of what UnitedHealth says is "potentially a substantial proportion" of patient information from its systems. (Kent Nishimura, Getty Images via CNN Newsource)

(Kent Nishimura, Getty Images via CNN Newsource)

(CNN) — A third of Americans may have had their personal data swept up in a February ransomware attack on a UnitedHealth Group subsidiary that disrupted pharmacies across the US, UnitedHealth CEO Andrew Witty estimated in testimony to Congress on Wednesday.

It will likely take “several months” before UnitedHealth is able to identify and notify Americans impacted by the hack because the company is still combing through the stolen data, Witty said in written testimony.

In hours of hearings in the Senate and House Wednesday, Witty apologized to patients and doctors, admitted that hackers broke into the subsidiary through a poorly protected computer server and confirmed that he authorized a $22 million ransom payment to the hackers.

The testimony shows that the scope of what experts consider to be the most significant health care cyberattack in US history is even bigger than previously known. And the hacking incident has led some lawmakers to call for cybersecurity regulations for health care companies.

The February ransomware attack paralyzed computers that Change Healthcare, the UnitedHealth subsidiary, uses to process medical claims across the country. Health providers were cut off from billions of dollars in payments, according to one hospital association, and some health clinics told CNN they were close to running out of money. The Department of Health and Human Services is investigating whether UnitedHealth complied with federal law in protecting patient data.

Identifying and notifying Americans

More than two months since the ransomware attack, Witty touted the company’s recovery by rebuilding computer systems and getting insurance claims flowing to “near-normal” levels. But, he said the process for identifying and notifying Americans affected by the hack was cumbersome partly because data files were compromised in the incident.

In the hearing, multiple lawmakers asked if UnitedHealth and Change Healthcare, which processes about 15 billion health care transactions annually, controlled an outsized portion of the US health sector, leaving the sector vulnerable to hacks and other disruptions.

“Your revenues are bigger than some countries’ GDP,” Sen. Marsha Blackburn, a Tennessee Republican, told Witty.  “And how in heaven’s name did you not have the necessary redundancies so that you did not experience this attack and find yourself so vulnerable?”

UnitedHealth has blamed its hack on a notorious criminal group called ALPHV, or BlackCat, that the Justice Department says has been responsible for ransomware attacks on victims around the world.

The FBI generally discourages victims to pay a ransom because it can fuel more ransomware attacks. But UnitedHealth is one of multiple major US firms that have made multimillion-dollar ransom payments to try to recover stolen data or get systems back online. Colonial Pipeline, a pipeline operator that transports fuel to the East Coast, paid a $4.4 million ransom in 2021 after a Russian-speaking ransomware group disrupted the pipeline operations for days.

UnitedHealth has said it paid the ransom “as part of the company’s commitment to do all it could to protect patient data from disclosure.”

But lawmakers on Wednesday said they would keep the pressure on the company to get to the bottom of what personal health information was accessed.

“Americans are still in the dark about how much of their sensitive information was stolen,” Sen. Ron Wyden, an Oregon Democrat who chairs the finance committee, lamented.

KSL 5 TV Live

National News

TEMPE, ARIZONA - APRIL 17: Connor McDavid #97 of the Edmonton Oilers attempts a shot on goaltender ...

Stephen Whyno, AP Sports Writer

Connor Ingram wins the Masterton Trophy for perseverance and dedication to hockey

Connor Ingram, the goaltender for the Arizona Coyotes, has won the Bill Masterton Memorial Trophy after sharing his story with mental health struggles.

21 minutes ago

Clockwise from top left: Jody Settle, Alberto Locascio, Tobias Noboa and Wilmard Santiago. (Courtes...

Ashley R. Williams, CNN

The Covid-19 public health emergency is over, but tales of loss remain. This website offers the bereaved a digital safe space

The "WhoWeLost" website was launched in 2020 in Kentucky and is home to around 2,000 published and yet-to-be-published stories. It serves as a digital haven for those still grieving COVID-19 where they can write about their losses in a comment-free environment without interactions, judgment or internet trolls.

57 minutes ago

A ship is seen off the coast of Gaza near a US-built floating pier that will be used to facilitate ...

Colin McCullough, Jessie Yeung, Nadeen Ebrahim, and Lucas Lilieholm, CNN

US military starts delivering aid to Gaza through floating pier. Here’s what we know

Trucks carrying humanitarian aid into Gaza have begun moving ashore after arriving through the floating pier built by the US military, according to the US Central Command (CENTCOM).

3 hours ago

FILE - In this image taken from San Francisco Police Department body-camera video, the husband of f...

Olga R. Rodriguez, Associated Press

Man gets 30 years in prison for attacking ex-Speaker Nancy Pelosi’s husband with a hammer

A man has been sentenced to 30 years in prison for attacking the husband of then-House Speaker Nancy Pelosi with a hammer.

16 hours ago

This photo provided by Vermont State University shows Max the Cat stands in front of Woodruff Hall ...

Associated Press

A college puts the ‘cat’ into ‘education’ by giving Max an honorary ‘doctor of litter-ature’ degree

A Vermont university has bestowed the honorary degree of “doctor of litter-ature” on a cat named Max who has become a beloved member of its community.

17 hours ago

RCMP Superintendent serious crimes branch David Hall speaks about Alberta RCMP linking four histori...

Rob Gillies, Associated Press

Dead US serial sex offender linked to 4 slain Canadian young women

Canadian police say they have linked the deaths of four young women nearly 50 years ago to a now deceased U.S. fugitive who hid in Canada from the mid 1970s to the late 1990s.

18 hours ago

Sponsored Articles

Electrician repairing ceiling fan with lamps indoors...

Lighting Design

Stay cool this summer with ceiling fans

When used correctly, ceiling fans help circulate cool and warm air. They can also help you save on utilities.

Side view at diverse group of children sitting in row at school classroom and using laptops...

PC Laptops

5 Internet Safety Tips for Kids

Read these tips about internet safety for kids so that your children can use this tool for learning and discovery in positive ways.

Women hold card for scanning key card to access Photocopier Security system concept...

Les Olson

Why Printer Security Should Be Top of Mind for Your Business

Connected printers have vulnerable endpoints that are an easy target for cyber thieves. Protect your business with these tips.

Modern chandelier hanging from a white slanted ceiling with windows in the backgruond...

Lighting Design

Light Up Your Home With These Top Lighting Trends for 2024

Check out the latest lighting design trends for 2024 and tips on how you can incorporate them into your home.

Technician woman fixing hardware of desktop computer. Close up....

PC Laptops

Tips for Hassle-Free Computer Repairs

Experiencing a glitch in your computer can be frustrating, but with these tips you can have your computer repaired without the stress.

Close up of finger on keyboard button with number 11 logo...

PC Laptops

7 Reasons Why You Should Upgrade Your Laptop to Windows 11

Explore the benefits of upgrading to Windows 11 for a smoother, more secure, and feature-packed computing experience.

A third of Americans could have had data stolen in big health care hack