Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Privacy Security United States

UnitedHealthCare CEO Says 'Maybe a Third' of US Citizens Were Affected By Recent Hack (techcrunch.com) 34

An anonymous reader shares a report: Two months after hackers broke into Change Healthcare systems stealing and then encrypting company data, it's still unclear how many Americans were impacted by the cyberattack. Last month, Andrew Witty, the CEO of Change Healthcare's parent company UnitedHealth Group, said that the stolen files include the personal health information of "a substantial proportion of people in America." On Wednesday, during a House hearing, when Witty was pushed to give a more definitive answer, testifying that the breach impacted "I think, maybe a third [of Americans] or somewhere of that level."
This discussion has been archived. No new comments can be posted.

UnitedHealthCare CEO Says 'Maybe a Third' of US Citizens Were Affected By Recent Hack

Comments Filter:
  • No Big Deal (Score:4, Funny)

    by organgtool ( 966989 ) on Wednesday May 01, 2024 @03:03PM (#64439846)
    I'll just change my complete medical history to make whatever records they stole useless and irrelevant.
  • At this point just make all records public.

  • by Anonymous Coward

    Hopefully hackers will finally schedule me a prostate exam.

  • I'm completely sure United Healthcare has been punished [youtube.com] for this already. Aren't we supposed to be arguing red vs blue right now?
    • > I'm completely sure United Healthcare has been punished [youtube.com] for this already. Aren't we supposed to be arguing red vs blue right now?

      HAAAR! .. Makes you wonder if billg spend some of that $149B on security, we wouldn't be in this mess.
  • Watch this never happen again.
  • by dgatwood ( 11270 ) on Wednesday May 01, 2024 @03:31PM (#64439932) Homepage Journal

    This is why no company should be allowed to grow so big that it has material private information on a third of the country.

  • by jmccue ( 834797 ) on Wednesday May 01, 2024 @03:56PM (#64440056) Homepage
    When do I get my 7 years of free Credit monitoring ? Now back to reality, I am anxiously waiting for my 1.15 USD settlement check while my info is on tor being sold for much more.
  • by nightflameauto ( 6607976 ) on Wednesday May 01, 2024 @04:05PM (#64440080)

    I gave up on the American medical system a decade or more ago. It's price gouges the shit out of everyone, even those that don't participate, by mandating insurance, which you must purchase from a for-profit company. Said company then gets final say over whether you need treatment, not your doctor. And they have the right to approve coverage, allow the procedure, then "change their mind" after the fact leaving you footing the bill. Fuck every last individual involved in that scam pile of bullshit.

    Which brings me to my "bright side." I doubt I have any medical records worth losing. Yay for living in a third-world shithole country my entire life that never gave me the illusion that healthcare was something I had any right to have.

  • Not to worry (Score:4, Insightful)

    by RogueWarrior65 ( 678876 ) on Wednesday May 01, 2024 @05:47PM (#64440370)

    We'll just raise your premiums by another 30% this year.

  • As someone not in the computer security field, I can't help but notice there's a new massive leak about once a week or so, it seems. Is it impossible to keep data secure, or are these leaks just evidence of incompetence/mismanagement on the part of crappy companies? Are there companies doing it right that we just never hear about, or does it really happen to all of them eventually?
    • You can't measure good security. It's a cost to companies but they see no benefit to it. Change Healthcare took a chance and they lost but they won't lose much money and everyone else who has bad security but wasn't breached didn't lose anything at all. Most companies, (and most security experts) don't even understand where to start with security. You start by knowing all the things you need to protect. Most militaries can't even do that. So companies just rely on security in depth and play whack a mo
    • Yes, there is a thing known as "security as a culture." Companies that practice it prioritize security as Job 1. From top-to-bottom everyone is regularly trained on security practices and auditing is performed by independent third parties to ensure policies are followed.

      I work with a bunch of very large companies and a huge federal agency. It's easy to tell which organizations practice security as a culture and which ones are just on the waiting list for hackers-as-a-service to infiltrate and hold their d
  • ... as well as an asset. How about:

    * If you have data that can be use for identity theft, and it leaks, you owe a per-person-exposed fine.
    * In the absence of reliable records, all unencrypted data held by the company is assumed to have leaked.
    * Fines are increased if if can be shown the company knew about the leak for more than 30 days before admitting it publicly.

    With something like this hanging over them, companies:
    * Might think twice about keeping data they don't really need,
    * Might encrypt data at rest to make it harder to steal.

  • I just received a letter from AT&T the other day that my personal information may have been harvested in a data breach. This comes after my HMO was breached. At this point I think I might as well spray paint my ssn and other info on my garage door since that stuff gets out there no matter who has the info to begin with.

One good suit is worth a thousand resumes.

Working...