The personal information of a third of Americans has been stolen by hackers

Personal data of one-third of Americans was stolen in a February ransomware attack on a division of UnitedHealth Group, one of the largest health insurance companies in the United States, CNN reported.

The attack disrupted pharmacies and clinics in the U.S., UnitedHealth CEO Andrew Whitty told Congress on May 1.

It will likely take “several months” before UnitedHealth can identify and notify Americans affected by the hack, Whitty said.

During hours of hearings in the Senate and House of Representatives, the company’s chief executive apologized to patients and doctors, acknowledged that hackers penetrated the database through a poorly secured computer server, and confirmed that he had authorized a $22 million ransom payment to the attackers.

Experts believe the scale of the most significant healthcare cyberattack in US history may be even larger than previously thought. The hacking incident prompted some lawmakers to call for cybersecurity regulations for healthcare companies.

The February ransomware attack paralyzed computers that Change Healthcare, a subsidiary of UnitedHealth, uses to process medical claims across the country.

The cyberattack, which began Feb. 21, caused prolonged disruptions at pharmacies and hospitals. Employees at these facilities were unable to confirm patient benefits, dispense medications and process referrals for surgeries. According to a hospital association, health care providers were deprived of billions of dollars in payments.