In the aftermath of the cyberattack on Change Healthcare, the full extent of the impact on Americans remains unclear. Two months after the breach, the company’s CEO, Andrew Witty, testified before a House hearing, providing an estimate that a third of Americans may have been affected. However, he emphasized that the investigation is ongoing, and the exact number is still being determined.
During the hearing, Witty faced questions about the lack of multi-factor authentication on a Change Healthcare portal, which allowed the hackers to breach the system. Senators criticized the company for this security lapse, highlighting the importance of robust cybersecurity measures. Witty assured that multi-factor authentication is now enforced across all external systems.
In a written statement ahead of the hearing, Witty stated that the company has not yet seen evidence of sensitive medical data, such as doctors’ charts or full medical histories, being stolen. The investigation is ongoing, and UnitedHealth spokesperson Anthony Marusic did not immediately respond to a request for comment on Witty’s estimate.
Witty also testified that it may take several months before Change Healthcare can begin notifying victims of the breach. The company is still working to determine the exact number of individuals affected and is committed to providing updates as more information becomes available.
