Change Healthcare hackers broke in using stolen credentials — and no MFA, says UHG CEO

The ransomware gang that hacked into U.S. health tech giant Change Healthcare used a set of stolen credentials to remotely access the company’s systems that weren’t protected by multifactor authentication (MFA), according to the chief executive of its parent company, UnitedHealth Group (UHG).

UnitedHealth CEO Andrew Witty provided the written testimony ahead of a House subcommittee hearing on Wednesday into the February ransomware attack that caused months of disruption across the U.S. healthcare system.

This is the first time the health insurance giant has given an assessment of how hackers broke into Change Healthcare’s systems, an intrusion during which massive amounts of health data were exfiltrated. UnitedHealth said last week that the hackers stole health data on a “substantial proportion of people in America.”

Change Healthcare processes health insurance and billing claims for around half of all U.S. residents.

According to Witty’s testimony, the criminal hackers “used compromised credentials to remotely access a Change Healthcare Citrix portal.” Organizations like Change use Citrix software to let employees access their work computers remotely on their internal networks.

Witty did not elaborate on how the credentials were stolen. The Wall Street Journal first reported the hackers’ use of compromised credentials last week.

However, Witty did say the portal “did not have multifactor authentication,” which is a basic security feature that prevents the misuse of stolen passwords by requiring a second code sent to an employee’s trusted device, such as their phone. It’s not known why Change did not set up multifactor authentication on this system, but this will likely become a focus for investigators trying to understand potential deficiencies in the insurer’s systems.

“Once the threat actor gained access, they moved laterally within the systems in more sophisticated ways and exfiltrated data,” said Witty.

Witty said the hackers deployed ransomware nine days later on February 21, prompting the health giant to shut down its network to contain the breach.

UnitedHealth confirmed last week that the company paid a ransom to the hackers who claimed responsibility for the cyberattack and the subsequent theft of terabytes of data. The hackers, known as RansomHub, are the second gang to lay claim to the data theft after posting a portion of the stolen data to the dark web and demanding a ransom to not sell the information.

UnitedHealth earlier this month said the ransomware attack cost it more than $870 million in the first quarter, in which the company made close to $100 billion in revenue.
