During an attack on a UnitedHealth Group subsidiary, almost a third of Americans could have their data compromised.
The attack that took place in February will have sweeping implications for healthcare users and their personal information.
Details of the Attack
A cyberattack is said to have taken place in February on a large healthcare insurance group in the U.S.
The hack into a country wide system affected the ability for pharmacists to fill prescriptions and for healthcare professionals to deliver quality care. The event specifically targeted the billing system that many doctors and pharmacies use, causing doctors to go without payment for extended periods of time.
UnitedHealth CEO Brought Before Congress
On Wednesday the CEO of UnitedHeath, Andrew Witty, was brought to a Congressional hearing to discuss the reasons and the implications of the attack. U.S. politicians take the breach of public information very seriously and intended to supervise the investigation.
Witty stated that his internal investigation team will need several months to uncover the source of the hack.
Millions of Americans Left Waiting
Due to the intricate and delicate nature of computer network hacking, millions of customers will be left in the dark not knowing if their personal information has been leaked.
Without the knowledge of where their banking and detailed medical histories are, patients will need to take precautions to protect their finances until the details of the hack are revealed.
How Hackers Gained Access To the National System
During the hours of questionings in the Senate and House on Wednesday, Witty shared some specifics of the source of the data breach.
He claims that the hackers were able to gain access to the information through a poorly protected computer server. Computer experts can often make passages through firewalls and encryptions to get into classified data or protected information.
Witty Gave Into Hackers’ Demands
Although it is usually not advisable by law enforcement to give into a ransom demand, Witty decided that his best bet to protect users’ data was to get them what they wanted.
Witty apologizes for authorizing a $22 million ransom payment to the hackers through a special wire.
The FBI Warns Against Paying Ransoms
Although the FBI has released a statement about the attack, UnitedHealth officials said that they felt they had no choice in the matter but to do as they were told by the hackers to recover stolen data and get their systems back online.
Often, someone asking for a ransom amount will receive the money and never deliver their end of the deal.
Terrible Outcome for Doctors and Patients Affected
At the time of the server attack, the ransomware disabled computers for Change Healthcare, a subsidiary used by UnitedHealth.
Health providers and doctors were unable to collect payments, resulting in billions of dollars of lost revenue, said one health association. Other clinics were completely cut off from their revenue source and came close to closing their practices.
Lawmakers Are Concerned That Unitedhealth Has a Stranglehold on the Market
During the congressional meeting, some lawmakers brought concerns that UnitedHealth and Change Healthcare control too much of the market. The attack shows how easily one company can disable the entire workings of the healthcare system in America.
The company’s process about 15 billion health care transactions in a single year. The monopoly hold that they have on the market could be disastrous in another event.
Tennessee Senator Asking Tough Questions
Sen. Marsha Blackburn, R-TN, stated that the companies’ revenue are bigger than some countries’ GDPs.
She questioned why such a large and profitable company wouldn’t have the necessary firewalls and redundancies in order to stop such an attack from happening.
UnitedHealth Naming Notorious Criminal Group for the Attack
The company at the center of this scandal has named a rather famous criminal association for the cyber security breach.
They say that the group called ALPHV, or BlackCat, is responsible for the event. The Justice Department is aware of the group and has named them in several notorious ransomware attacks around the world.
Company Is Committed To Thwarting Future Threats
Now that the company is functioning almost back to normal, Witty states that their cyber security team has expanded and will work harder to protect customer data in the future.
Aside from large companies, any person can be the victim of a ransomware attack.
