UnitedHealth CEO admits it paid $22 million ransom to BlackCat ransomware group
UnitedHealth is working with regulators to assess a recent breach that led to the compromise of sensitive patient data, and to inform people if their information has been compromised “as soon as possible.”
Witty had previously acknowledged that the company paid a ransom to protect patient data but had not disclosed the exact amount. The revelations also serve as confirmation for previous reports from a popular outlet about the discovery of a $22 million transfer on Bitcoin’s blockchain.
UnitedHealth is one of the largest companies in the world, with a roughly $450 billion market cap. Its business unit Optum — which provides care to 103 million customers — and Change Healthcare — which touches one in three patient records — merged in 2022.
According to Witty, hackers were able to gain access to company systems through a server that didn't have MFA turned on. He noted that the company has since enabled MFA for all external-facing systems.
During the Senate hearing, Senator Thom Tillis criticized UnitedHealth Group, stating that the incident could have been easily avoided and that the company has a responsibility to rectify the situation. "This is some basic stuff that was missed, so shame on internal audit, external audit, and your systems folks tasked with redundancy; they’re not doing their job," Tillis remarked.
Shortly after the attack, UnitedHealth Group was forced to disable the affected systems to prevent further damage. This left many doctors temporarily unable to fill prescriptions or get paid for their services. Witty says that Change Healthcare’s core systems are back online, though some of its secondary support functions are still being restored.
He also said that UnitedHealth is working with regulators to assess the breach and to inform people if their information has been compromised “as soon as possible.”