WASHINGTON—While information remains incomplete on just how big the risk might be for credit unions and their members, UnitedHealth Group has acknowledged that up to one-third of Americans could have had their personal data stolen as part of a data breach earlier this year.
For credit unions, of course, the critical questions involve whether the stolen data will help crooks in their fraud attempts, including attempts at direct fraud or indirectly through the creation of synthetic accounts.
During testimony before Congress, UnitedHealth CEO Andrew Witty confirmed the size of the breach at its subsidiary company, Change Healthcare, which disrupted pharmacies across the U.S., and further said it will take “several months” before the company can identify and notify Americans affected by the hack because it is still attempting to sort through the stolen data.
Poor Security
Witty said the hackers were able to break in through a poorly protected computer server.
Witty’s testimony touched on another issue often debated in credit unions when he confirmed he authorized a $22 million ransom payment to the hackers.
Credit unions and CUSOs, like other companies, are often advised against paying ransoms when cyber-hackers penetrate their systems and capture data.
Change Healthcare, which processes about 15 billion health care transactions annually, confirmed it chose to make the payment as it struggled to get its systems back online and because so many health care operations and pharmacies were affected.
‘Still in the Dark’
Witty said the criminal group ALPHV, or BlackCat, is believed to be responsible for the attack.
In the meantime, great uncertainty remains.
“Americans are still in the dark about how much of their sensitive information was stolen,” Sen. Ron Wyden (D-OR), who chairs the finance committee, lamented during the hearing.
Daily News Headlines. To Your Inbox. Every Day. And It’s Free
The biggest, best and freshest news reporting in credit unions remains free, and now has an added bonus---free shipping to your email address! That’s right. Each morning CUToday.info delivers its daily Fresh Today news update offering the latest headlines and breaking news right to your email, with the easy-to-read headlines format allowing you to click on the stories that interest you most in order to learn more. So stop paying those bank-fee-like subscription prices from other so-called “news” publications!
If you haven’t yet signed up for the new email solution on which CUToday.info has partnered with ResponseGenius, you can do so here. Signing up requires less than one minute of your time—and it’s free!
Please note that after signing up you may need to go to your Spam/Junk folder and mark the morning headlines email as safe. CUToday.info does not provide its list of readers and emails to outside parties, and we will not be contacting you to sell you an extended warranty or sending you any links so you may cash in on an inheritance.
And did we mention it’s free?