We do believe there will be members of the armed forces and ... veterans whose data was stolen, Witty said, adding that he would make it a 'top priority' to deliver on Wyden's demand for an accounting, in writing, of the number of military personnel affected and UnitedHealth's 'best assessment of who they are.'
UnitedHealth hasn't yet notified individuals whose data was stolen, going beyond the 60-day reporting window required by the Health Insurance Portability and Accountability Act. The CEO said the company is working with U.S. regulators on 'how best to do that,' but faced delays in accessing Change's original dataset.
Sen. Maggie Hassan, D-N.H., said UnitedHealth needs to 'at least send preliminary notifications to individuals so that they can take protective actions like monitoring their bank accounts, changing passwords and enrolling in the credit monitoring system that United Healthcare set up' with Equifax.
Wyden and other committee members, meanwhile, railed against Witty over the revelation that the Change Healthcare server breached by an affiliate of the ALPHV ransomware gang did not employ multi-factor authentication, allowing the hackers to gain remote access to the payment processor.
[
add
]
[
|
|
...
]