UnitedHealth CEO Andrew Witty is set to testify before US lawmakers, revealing that cybercriminals used stolen credentials to access Change Healthcare’s system through a Citrix portal lacking multi-factor authentication. This breach allowed the malicious actors to navigate through the network, steal sensitive data, and deploy ransomware. Witty will also acknowledge paying a ransom to prevent further data leaks, which reportedly cost the company $22 million.
The decision to pay the ransom was a difficult one for Witty, who will present his testimony to the House Energy and Commerce Committee on May 1. The US Senate Finance Committee will also hold a hearing on the Change Healthcare cyberattack, where Witty is expected to testify as well.
In response to the cyberattack, three US senators have requested details from the Cybersecurity and Infrastructure Security Agency (CISA) on how they are assisting Change Healthcare in recovering from the breach and addressing the increased ransomware threat.
The criminals behind the ALPHV ransomware attack spent nine days infiltrating Change Healthcare’s IT systems before launching the ransomware. This resulted in a significant disruption to healthcare services, impacting patients across the US who rely on Change Healthcare’s insurance and billing services.
The ransomware attack has cost UnitedHealth $870 million so far, with potential costs reaching $1.6 billion for the year. Despite the financial impact, UnitedHealth responded swiftly to contain the malware and mitigate the data breach.
Following the initial breach, additional ransomware groups, such as RansomHub and Medusa, targeted healthcare organizations, further highlighting the growing threat of cyberattacks on critical infrastructure. UnitedHealth collaborated with law enforcement agencies and cybersecurity experts to respond to these incidents and enhance its security measures.
Witty emphasized the need for improved cybersecurity practices in the healthcare industry, endorsing mandatory safety standards and increased collaboration between the public and private sectors. He also called for enhanced reporting mechanisms for cybersecurity events and increased support for institutions, particularly those in rural communities, to bolster their cybersecurity defenses.
In his testimony, Witty reiterated the importance of ongoing vigilance against cyber threats, noting that UnitedHealth detects and thwarts digital intrusion attempts every 70 seconds. He emphasized the need for continuous monitoring and investment in cybersecurity to protect sensitive data and critical infrastructure.
In light of recent revelations, including the payment of a ransom and the implementation of multi-factor authentication, UnitedHealth remains committed to strengthening its cybersecurity defenses and supporting broader efforts to enhance cybersecurity across the US.
Article Source
https://www.theregister.com/2024/04/30/unitedhealth_ceo_ransom/