ALBAWABA – One third of Americans may have had their personal health care data breached in the recent ransomware cyberattack that targeted a UnitedHealth Group subsidiary, which conducts over 15 billion medical transactions every year, disrupting pharmacies and health care systems across the United states, CEO Andrew Witty testified in front of Congress.
During hours of Senate and House sessions on Wednesday, Witty apologized to patients and physicians, admitting that hackers compromised the company's operations via an inadequately secured computer system, and revealed that he ordered a $22 million ransom to be paid in Bitcoin to hackers.
It would likely require "several months" for UnitedHealth to locate and get in touch with Americans affected by the theft, CNN reports citing Witty’s written testimony, as the company is still going over the large amount of compromised data, estimating a third of Americans’ to be impacted by the hack.
Witty added his written testimony to the panel that threat actors, revealed to be criminal group known as ALPHV, or BlackCat, utilized "compromised credentials" to penetrate the company's servers on February 12 before they delivered ransomware that locked the network for nine days.
“Your revenues are bigger than some countries’ GDP,” Senator Marsha Blackburn noted to Witty, asking him vigorously “how in heaven’s name did you not have the necessary redundancies so that you did not experience this attack and find yourself so vulnerable?”
Senator Ron Wyden added that “Americans are still in the dark about how much of their sensitive information was stolen,” with legislators indicating they will keep up the demands on the firm to find out what sensitive health information was obtained.
