The previous data breach on UnitedHealth Group is estimated to have impacted at least one-third of Americans' data, according to CEO Andrew Witty.
In a Congressional committee on Wednesday, Witty testified that it would likely take "several months" before affected victims could be notified as investigations on the attack are still ongoing.
The CEO was unable to provide an exact number on how many private and personal data of US customers were stolen but noted that "we have not seen evidence of exfiltration of materials such as doctors' charts or full medical histories among the data."
UnitedHealthcare, with all of its healthcare businesses, processes more than 50% of all medical and healthcare claims in the US.
Change Healthcare, the company's subsidiary targeted by the hackers last February, provides services to more than 33,000 pharmacies, and 5,500 hospitals in the U.S. alone.
CNBC News first reported Witty's testimony.
Witty's statement follows the company's announcement last April, reporting that the data breach has compromised a "substantial proportion of people in America."
UnitedHealthcare Under Fire for Cybersecurity Lapses
Due to the scale of its damage and the nature of the data exposed, several senators have raised concerns about a national security threat with the cyberattack.
Senate Finance Committee Chairman Ron Wyden highlighted that the "bigger the company, the bigger the responsibility to protect its systems from hackers."
The statement concerns the Senate findings that the healthcare provider has lapses in its cybersecurity, allowing threat actors to easily infiltrate critical data systems.
According to reports, Change Healthcare was breached via stolen credentials on an older server which was not protected by multifactor authentication, a requirement for many businesses that process personal and private data.
It does not help that another ransomware group claimed to still have a copy of the stolen data, threatening the company to leak 4TB of personal details and medical records if the company did not pay the ransom.
It is not yet clear what actions or penalties Congress will demand from UnitedHealthcare as federal audits are still ongoing, as well.
Healthcare Companies Report Major Financial from UnitedHealthcare Cyberattack
Customers were not the only ones who have reported suffering damages from the cyberattack on UnitedHealthcare.
The Wednesday Congressional hearing has also revealed that 94% of healthcare providers relying on the company's processing services reported "significant or serious" financial losses due to the operation disruption.
This is in addition to the 90% of doctors claiming to have lost revenue following the attack.
It can be remembered that the ransomware attack on the company suspended many healthcare operations for days while UnitedHealth tried to recover the stolen data from the hackers.
