This confirmation was made during a hearing before the U.S. Senate Committee on Finance on Wednesday.
Change Healthcare, a subsidiary of UnitedHealth Group, offers a range of solutions, including payment and revenue management, as well as e-prescription software. The cyberattack on this subsidiary has had a significant impact on the healthcare sector. The company had to disconnect the affected systems once the threat was detected, which left many doctors temporarily unable to fill prescriptions or receive payment for their services.
In April, UnitedHealth informed CNBC that it had paid a ransom in an attempt to safeguard patient data. Prior reports had identified a $22 million transfer on Bitcoin's blockchain, but the company had not confirmed this figure until now.
"The decision to pay a ransom was mine," Witty stated, as the company's chief executive officer. "This was one of the hardest decisions I've ever had to make, and I wouldn't wish it on anyone."
WATCH: ASTRAZENECA SUED OVER VACCINE WOES
UnitedHealth is one of the world's largest companies, boasting a market cap of approximately $450 billion. In 2022, its business unit Optum, which provides care to 103 million customers, merged with Change Healthcare, which interacts with one in three patient records.
WATCH: JOHN FETTERMAN IS HILARIOUS DEALING WITH DERANGED LEFTISTS
Sen. Ron Wyden, D-Ore., the Committee Chairman, stated in his opening remarks that the breach at Change Healthcare serves as a "dire warning about the consequences of too-big-to-fail mega-corporations." He added, "Companies that are so big have an obligation to protect their customers and to lead on this issue."
Witty informed the committee that cybercriminals gained access to Change Healthcare through a server that lacked multi-factor authentication (MFA), a security measure that requires users to verify their identity in at least two different ways. He assured the committee that UnitedHealth has now implemented MFA across all external-facing systems.
WATCH: EVEN CNN CAN'T BELIEVE WHAT A LIAR MICHAEL COHEN IS!
"As a result of this malicious cyberattack, patients and providers have experienced disruptions and people are worried about their private health data," Witty said. "To all those impacted, let me be very clear: I am deeply, deeply sorry."
Sen. Thom Tillis, R-N.C., held up a bright yellow copy of "Hacking for Dummies" during the hearing, stating that the breach is UnitedHealth's responsibility to fix. "This is some basic stuff that was missed, so shame on internal audit, external audit and your systems folks tasked with redundancy, they're not doing their job," Tillis said.
SHOCKING DETAILS EMERGE IN MYSTERY SURROUNDS BOATING ACCIDENT THAT CLAIMED TEEN BALLERINA’S LIFE
According to a filing with the U.S. Securities and Exchange Commission, UnitedHealth discovered that a cyber threat actor accessed part of Change Healthcare's information technology network in late February. Witty stated that Change Healthcare's core systems are now back online, although some of its secondary support functions are still being restored.
GLOVES OFF! INSULTS FLY AS AOC AND MTG TRADE BARBS IN MUST-SEE CONGRESSIONAL MELTDOWN
In February, UnitedHealth identified the ransomware group Blackcat as the perpetrator of the attack. Blackcat, also known as Noberus and ALPHV, steals sensitive data from institutions and threatens to publish it unless a ransom is paid, according to a December release from the U.S. Department of Justice.
IS THE WHITE HOUSE HIDING BIDEN'S BLUNDERS? SECRET AUDIO LOCKED DOWN AS REPUBLICANS FUME
UnitedHealth confirmed in April that files containing protected health information and personally identifiable information were compromised in the breach. The company stated that a data review is ongoing, so it could be months before the company can notify affected individuals.
IS KAMALA HARRIS PLANNING HER NEXT MOVE IN CASE JOE BIDEN LOSES?
Witty said on Wednesday that UnitedHealth is working with regulators to assess the breach and to inform people if their information has been compromised "as soon as possible."
In early March, UnitedHealth launched a temporary funding assistance program to support providers that have experienced cash flow disruptions due to the cyberattack. There are no fees, interest or other costs on top of the payments, and providers have 45 days to repay the funds once their standard payment operations resume.
During the hearing, Witty stated that the company has not yet asked anyone for loan repayments, and it will be up to providers to determine when their operations have officially returned to normal.
Witty did not directly disclose whether UnitedHealth will provide additional support to providers who may be contending with other loans and interest payments because of the breach.
Sen. Michael Bennet, D-Colo., pressed Witty to share how UnitedHealth is working to ensure something like the Change Healthcare breach will not happen again. Witty said the company plans to share what it discovers about the breach with others, adding that there's a need to focus on reducing the rate of cyberattacks on the healthcare sector.
"We are clearly trying to take our responsibility in this attack. We are also trying to learn from it," he said.
Discover alternative ideas that will make you think
Engage in mind bending debate
Earn points, rise in rank, have fun
