A third of Americans could have had data stolen in big health care hack

Obamacare created centralized control of Americans' private medical records and insurance information, creating a juicy target for hackers and cybercriminals ...

CNN A third of Americans may have had their personal data swept up in a February ransomware attack on a UnitedHealth Group subsidiary that disrupted pharmacies across the US, UnitedHealth CEO Andrew Witty estimated in testimony to Congress on Wednesday.

It will likely take “several months” before UnitedHealth is able to identify and notify Americans impacted by the hack because the company is still combing through the stolen data, Witty said in written testimony.

In hours of hearings in the Senate and House Wednesday, Witty apologized to patients and doctors, admitted that hackers broke into the subsidiary through a poorly protected computer server and confirmed that he authorized a $22 million ransom payment to the hackers.

The testimony shows that the scope of what experts consider to be the most significant health care cyberattack in US history is even bigger than previously known. And the hacking incident has led some lawmakers to call for cybersecurity regulations for health care companies.

The February ransomware attack paralyzed computers that Change Healthcare, the UnitedHealth subsidiary, uses to process medical claims across the country.

“Americans are still in the dark about how much of their sensitive information was stolen.” – Sen. Ron Wyden

...article continued below
- Advertisement -

Health providers were cut off from billions of dollars in payments, according to one hospital association, and some health clinics told CNN they were close to running out of money.

The Department of Health and Human Services is investigating whether UnitedHealth complied with federal law in protecting patient data.

More than two months since the ransomware attack, Witty touted the company’s recovery by rebuilding computer systems and getting insurance claims flowing to “near-normal” levels.

But, he said the process for identifying and notifying Americans affected by the hack was cumbersome partly because data files were compromised in the incident …


It’s Happened Before … 

Breach of Obamacare Site Spilled Sensitive Data; 94,000 Victims’ Income, Pregnancy Status and More Potentially Exposed

bankinfosecurity.com, November 12, 2018

...article continued below
- Advertisement -

“More than two weeks after announcing that the Obamacare website, HealthCare.gov, had been hacked, the Department of Health and Human Services has revealed that the breach exposed a wealth of information, including partial Social Security numbers and immigration status.”

‘Extraordinary’ congressional health data breach could expose lawmakers and staff, House leaders say

Associated Press, March 9, 2023

“House leaders say the impact of a hack of a health insurance marketplace used by members of Congress ‘could be extraordinary,’ exposing sensitive personal data of lawmakers, their employees and families. In all, thousands of people could be affected.

“DC Health Link, which runs the exchange, said an unspecified number of customers were impacted and it was notifying them and working with law enforcement to quantify the damage. It said it was offering identity theft service to those affected and extending credit monitoring to all customers.

“Some 11,000 of the exchange’s more than 100,000 participants work in the House and Senate — in the nation’s capital and district offices across the nation — or are relatives.”

- Advertisement -
- Advertisement -
- Advertisement -


- Advertisement -
- Advertisement -