UnitedHealth CEO details cyberattack root, working 24/7 to 'fix this'

Cyberattack on United's Change Healthcare unit in February is still causing disruptions

UnitedHealth Group CEO Andrew Witty revealed new details about the cyberattack on its Change Healthcare unit earlier this year, and said the company has been working around the clock to fully restore its systems following the widespread outages from the attack.

In prepared remarks before the Senate Finance Committee on Monday, Witty said the perpetrator of the Feb. 21 hack was a cybercriminal known as Blackcat or ALPHV, confirming earlier reports that the ransomware group had taken credit for the attack.

UnitedHealth CEO Andrew Witty arriving at Senate

UnitedHealth Group CEO Andrew Witty arrives for a Senate Finance Committee hearing in Washington, D.C., on Wednesday. (Al Drago/Bloomberg via Getty Images / Getty Images)

The CEO said cybersecurity experts are still investigating the hack, but have so far been able to determine that criminals used compromised credentials to access Change's systems nine days prior to the deployment of the ransomware, through a remote-access portal that did not have multi-factor authentication.

KAISER PERMANENTE SAYS DATA BREACH MAY AFFECT 13.4M CUSTOMERS

Witty said it could be months before UnitedHealth knows the full scope of the data breach, and reconfirmed that the company "found files containing protected health information (PHI) and personally identifiable information (PII), which could cover a substantial proportion of people in America."

UnitedHealth expects to take a $1.6 billion hit this year due to the cyberattack in February. (Sheldon Cooper/SOPA Images/LightRocket via Getty Images / Getty Images)

The cyberattack on Change, a provider of health care billing and data systems and a key node in the U.S. health care system, disrupted payments to doctors and health care facilities nationwide for a month while taking a harsh toll on community health centers that serve more than 30 million poor and uninsured patients.

HOW THE TARGET AND UBER CYBERATTACKS FROM YEARS AGO SHAPED PUBLIC PERCEPTION OF CYBERSECURITY TODAY

UnitedHealth reported earlier this month that it expects to take a $1.6 billion hit this year from the hack. 

Ticker Security Last Change Change %
UNH UNITEDHEALTH GROUP INC. 608.34 +2.02 +0.33%

UnitedHealth Group Inc.

Roger Connor, CEO of UnitedHealth's OptumInsight unit, which runs Change, said at the time that Change's pharmacy claims and payment management businesses are 80% functional, and the company will bring more products online in the coming weeks. The company believes Change will return to its baseline performance next year.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

"We have been working 24/7 from the day of the incident and have deployed the full resources of UnitedHealth Group on all aspects of our response and restoration efforts," Witty told lawmakers on Monday. "I want this Committee and the American public to know that the people of UnitedHealth Group will not rest — I will not rest — until we fix this."

Reuters contributed to this report.