Topics

Latest

AI

Amazon

Article image

Image Credits:Al Drago/Bloomberg / Getty Images

Apps

Biotech & Health

mood

Andrew Witty, chief executive officer of UnitedHealth Group Inc., speaks during a Senate Finance Committee hearing in Washington, DC, US, on Wednesday, May 1, 2024. (Photographer: Al Drago/Bloomberg)

Image Credits:Al Drago/Bloomberg / Getty Images

Cloud Computing

Commerce

Crypto

endeavor

EVs

Fintech

fundraise

Gadgets

Gaming

Google

Government & Policy

Hardware

Instagram

Layoffs

Media & Entertainment

Meta

Microsoft

seclusion

Robotics

Security

societal

outer space

startup

TikTok

Transportation

speculation

More from TechCrunch

Events

Startup Battlefield

StrictlyVC

newssheet

Podcasts

Videos

Partner Content

TechCrunch Brand Studio

Crunchboard

Contact Us

Two months afterhackers broke into Change Healthcare systemsstealing and then encrypting party data , it ’s still unclear how many Americans were impacted by the cyberattack .

Last month , Andrew Witty , the chief executive officer of Change Healthcare ’s parent companionship UnitedHealth Group , pronounce that the stolen file include the personal health informationof “ a substantial dimension of people in America . ”

On Wednesday , during a House hearing , when pushed to give a more definitive solvent , Witty testified that the breach impacted “ I think , perchance a third [ of Americans ] or somewhere of that level . ”

Witty said he was reluctant to give a more precise answer because the company is still inquire the severance and trying to figure out exactly how many mass were affected .

UnitedHealth ’s spokesperson Anthony Marusic did not immediately react to a postulation for comment on Witty ’s estimate .

During a auditory modality in the Senate sooner on Wednesday , Witty said that it will likely take “ several month , ” before the company can start notifying victims of the data breach .

In a written instruction filed by Witty ahead of the two hearings , the CEO wrote that “ so far , we have not seen evidence of exfiltration of materials such as doctors ’ chart or full medical histories among the information . ”

Join us at TechCrunch Sessions: AI

Exhibit at TechCrunch Sessions: AI

According to Witty ’s testimony , the hacker “ used compromise certificate to remotely access a Change Healthcare Citrix portal , ” which was not protect by multi - factor authentication , a basic cybersecurity measure that append an redundant step to log into account and organization .

Had that portal had multi - factor certification enable , the breach may not have happened . Several Senators grill Witty on that failure , asking him whether UnitedHealth and Change Healthcare systems are now protected with multi - factor authentication .

During the Senate hearing , Witty say : “ We have an enforced insurance across the administration to have multi - factor authentication on all of our external organisation , which is in position . ”