Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Top News
Top News

Unitedhealth CEO Admits Lack Of Cybersecurity Led To Attack

Protesters hold up signs saying "Stop Denying Us Care" as Andrew Witty, Chief Executive Officer of UnitedHealth Group, front, gathers his papers after testifying at a Senate Finance Committee hearing

The cyberattack on Change Healthcare earlier this year, which caused widespread disruptions in health care systems, was traced back to a server lacking basic security measures, specifically multifactor authentication. During a U.S. Senate hearing, UnitedHealth CEO revealed that the hackers gained access to the server, leading to the ransomware attack that affected the company's operations.

Senate Finance Committee members expressed concern over the lack of cybersecurity measures, with Senator Ron Wyden emphasizing that the attack could have been prevented with basic cybersecurity practices.

Multifactor authentication, a standard security feature for protecting sensitive data, adds an extra layer of security by requiring users to enter an auto-generated code in addition to their password. Change Healthcare, a provider of technology for processing insurance claims, fell victim to the attack in February, causing disruptions in payment and claims processing nationwide.

UnitedHealth CEO revealed hackers gained access to server, leading to ransomware attack.
Change Healthcare cyberattack traced to server lacking multifactor authentication.
Senate Finance Committee expressed concern over lack of cybersecurity measures.
Multifactor authentication adds extra security layer by requiring auto-generated code.
UnitedHealth paid $22 million ransom and disconnected affected systems.

UnitedHealth responded by disconnecting affected systems to contain the damage and paid a $22 million ransom. The company is currently in the process of rebuilding its platform to ensure the security of its systems.

Despite the challenges faced, UnitedHealth has confirmed that all core systems, including claims payment and pharmacy processing, are now fully operational. The company is also offering free credit monitoring and identity theft protection for two years to those affected by the breach.

The Office for Civil Rights is investigating whether protected health information was compromised and if Change Healthcare adhered to patient privacy laws. While personal information of a significant portion of the population may have been exposed, the company has not detected any release of full medical histories or doctor charts.

Cybersecurity experts note a rise in ransomware attacks, particularly in the health care sector. UnitedHealth CEO acknowledged the ongoing threat of cyberattacks and expressed frustration over the lack of multifactor authentication on the compromised server.

As investigations continue and efforts to enhance cybersecurity measures progress, UnitedHealth remains committed to safeguarding its systems and ensuring the privacy of patient information.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.