U.S. military personnel had data stolen in UnitedHealth hack, CEO tells Senate

Members of the U.S. military have had their data stolen in the

recent cyberattack on UnitedHealth's technology unit that impacted almost all patients and providers, CEO Andrew Witty told the Senate Finance Committee on Wednesday.

"We do believe there will be members of the armed forces" caught up in the hack, Witty said in the first of two scheduled testimonies in front of Congressional panels. It would take longer than a week to provide lawmakers with the number of military personnel affected, Witty told the committee Chairman, Senator Ron Wyden.

The hack at Change Healthcare, a provider of healthcare billing and data systems that processes about 50% of U.S. medical claims, on Feb. 21 caused widespread disruption in payment to doctors and health facilities. "I believe the bigger the company, the bigger the responsibility to protect its systems from hackers. UHG was a big target long before it was hacked. The FBI says that healthcare industry is the number one target of ransomware," Wyden said in opening remarks, adding that the hack was a national security threat.

Health and personal data of a "substantial proportion" of Americans were stolen, UnitedHealth said last week. "UnitedHealth Group has not revealed how many patients' private medical records were stolen, how many providers went without reimbursement, and how many seniors are unable to pick up their prescriptions as a result of the hack," said Wyden.

"The failures of CEOs like Mr. Witty, who months in can't figure out how many people have had their data stolen, validates the FBI warning," he said. In letters to the congressional committees Witty will face, the American Hospital Association said an internally survey of its members found that 94% of hospitals reported damage to cash flow and more than half reported "significant or serious" financial damage due to Change's inability to process claims.

Hackers breached UnitedHealth's tech unit on Feb. 12 by using stolen login credentials that gave them remote access to its network, Witty will tell the Senate Finance Committee on Wednesday morning and the House Energy Subcommittee on Oversight and Investigations in the afternoon. In a written testimony published earlier this week, Witty said UnitedHealth, the largest U.S. health insurer, has been working with the FBI and prominent cybersecurity firms to investigate the hack.

(This story has not been edited by Devdiscourse staff and is auto-generated from a syndicated feed.)