UnitedHealth Group CEO Artful Andres will testify that hackers exploited a vulnerability in the Change Healthcare Citrix portal to access the company’s systems, leading to a ransomware attack nine days later. The portal did not have multi-factor authentication, making it easier for threat actors to move laterally within the systems and extract data. The attack, one of the costliest in history, could cost UnitedHealth Group $1.6 billion in profits this year.
The FBI and cybersecurity firms are working with UnitedHealth Group to investigate the breach. The company has also engaged security experts from Google, Microsoft, Cisco, and Amazon, as well as teams from Mandiant and Palo Alto Networks, to enhance its cyber defenses. There are concerns that U.S. officials had previously warned about security gaps in Citrix tools, potentially exposing vulnerabilities that hackers exploited.
Congressional committees are holding hearings to address the cyber attack, with Witty scheduled to testify before both House and Senate committees. House Energy and Commerce Committee Chairman Cathy McMorris Rodgers and Subcommittee on Oversight and Investigations Chairman Morgan Griffith aim to gain a deeper understanding of the incident and the response efforts.
In an effort to identify the hackers behind the attack, the federal government is offering a $10 million reward for information leading to the apprehension of the group known as ALPHV BlackCat. This group targeted Change Healthcare and other systems in a sophisticated cyberattack that resulted in substantial financial losses for UnitedHealth Group.
Witty emphasized the company’s commitment to strengthening cyber defenses and sharing accurate information about the incident responsibly. While the full extent of the breach and the impact on sensitive data remains unclear, ongoing investigations and collaboration with cybersecurity experts aim to mitigate future risks. The lack of multi-factor authentication in the Citrix portal underscores the importance of implementing robust security measures to safeguard against cyber threats.
Article Source
https://www.pymnts.com/fraud-attack/2024/unitedhealth-group-ceo-said-hackers-struck-via-citrix-portal/