UnitedHealth's CEO, Andrew Witty, confirmed before a Senate hearing that the company paid $22 million to the ransom hacker group Blackcat because a subsidiary of the health insurance provider was hacked earlier this year. 

According to CBS, Witty informed lawmakers that the firm did not ascertain the number of patients and medical personnel affected by the February cyberattack on Change Healthcare during an extensive legislative hearing.

Based on pre-hearing prepared testimony, Witty verified on Wednesday that UnitedHealth paid a $22 million bitcoin ransom to BlackCat, an independent conclusion.

Legislators revealed on Wednesday that some patient data remains compromised and available for viewing on the dark web, even after the ransom was paid. 

(Photo: Kent Nishimura/Getty Images) 

The primary subject during the meeting was how cybercriminals gained entry to Change Healthcare, an alternative UnitedHealth subsidiary that the company acquired in October 2022.

House Energy and Commerce Committee members questioned Witty about why the nation's largest health insurance provider did not have the most fundamental cybersecurity defenses before the hack.  

ALPHV, or BlackCat, a ransomware organization operating in Russia, was the source of the cyberattack. The collective asserted accountability for the assault, claiming to have pilfered over six terabytes of information, including "sensitive" medical records.

Due to the attack's impact on the nation's payment and claims processing, doctor's offices and healthcare systems were put under strain as their capacity to submit claims and get payment was compromised. 

Read Also: Change Healthcare Confirms Paying Ransomware Hackers, But Patient Data Leak Might Still End Up on Dark Web 

Americans Affected by the Breach

Earlier this week, UnitedHealth confirmed that a significant number of Americans' health data had been stolen due to the breach.

The company has not yet found any evidence that documents such as full medical histories or patient files were compromised in the data.

Due to the scale and complexity of the data investigation, according to UnitedHealth, it will likely take several months of continuous study before enough information is accessible to determine and notify those affected people.

As it continues to work with leading industry experts to evaluate the data implicated in this cyberattack, the firm is providing immediate support and robust protection rather than waiting until the conclusion of the data review process.

Following the cyber incident, some of the country's largest pharmacies reported delays in prescription services.

Network outages that affected national healthcare providers at the time prevented a family-owned pharmacy, two army drugstores in the Midwest and California, and other pharmacies from filling prescriptions.

Due to the attack's scope-Change Healthcare, according to the American Hospital Association, conducts 15 billion transactions annually-even individuals who are not UnitedHealth clients may have been impacted. 

UnitedHealth Against the Breach

UnitedHealth Group's first-quarter earnings were released last week, and the business stated that the breach had already cost them approximately $900 million, not including the ransom paid.

Ransomware assaults, which include bringing down a target's computer systems, have become more common in the healthcare industry.

A 2022 study published in JAMA Health Forum states that between 2016 and 2021, the annual number of ransomware attacks targeting hospitals and other healthcare facilities rose.  

Related Article: UnitedHealth Tightens Security After Cyberattack: MFA Now on All Exposed Systems

(Photo: Tech Times)