UnitedHealth CEO Andrew Witty admits he paid $22 million ransom to hackers

Share via:


Health insurance provider UnitedHealth paid a multimillion-dollar ransom to hackers who broke into one of its subsidiaries, disrupting healthcare providers across the country for months, CEO Andrew Witty confirmed on Wednesday. 

In a hearing before the Senate Committee on Finance, Witty said the decision to pay the $22 million ransom was entirely his. “This was one of the hardest decisions I’ve ever had to make,” he said. UnitedHealth admitted last month that it had paid a ransom to the hackers who breached the Change Healthcare system — which is owned by UnitedHealth — but didn’t disclose the sum. In March, the company attributed the breach to BlackCat, the same entity responsible for the MGM casino hack in Las Vegas. That same month, Wired reported that BlackCat, which also goes by ALPHV, received a $22 million transaction on Bitcoin on March 1st.

BlackCat previously claimed it netted more than six terabytes of data as part of the hack, which it carried out in February of this year. The ransomware gang said the data included “sensitive” medical records, according to CBS News.

“Criminals used compromised credentials to remotely access Change Healthcare Citrix portal, an application used to enable remote access to desktops,” Witty said during his testimony, adding that the portal “did not have multifactor authentication.” 

“This hack could’ve been stopped with cybersecurity 101,” said Sen. Ron Wyden (D-OR), the chair of the committee. After Witty confirmed United will require multifactor authentication companywide going forward, Wyden said it “shouldn’t have taken the worst cyberattack ever in the healthcare sector for an agreement to do this bare minimum.”

The effects of the hack were far-reaching. After the breach was discovered, United shut down the Change Healthcare system for a week, which prevented hospitals, clinics, and pharmacies across the country from getting paid. During the hearing, Witty said the system is now “broadly back to normal.” But some senators told Witty that hospitals and other healthcare providers are still waiting on payments. Wyden (D-OR) told Witty that some providers who filed claims in February were told they’d have to wait until June to get paid.

UnitedHealth manages more than one-third of all patient records in the US and oversees 1 in 10 doctors across the country, according to a letter the American Hospital Association sent to the Department of Health and Human Services in March. In his opening remarks, Wyden called United a “healthcare leviathan” and described the hack as a “dire warning about the consequences of too-big-to-fail mega-corporations.”



Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Popular

More Like this

UnitedHealth CEO Andrew Witty admits he paid $22 million ransom to hackers


Health insurance provider UnitedHealth paid a multimillion-dollar ransom to hackers who broke into one of its subsidiaries, disrupting healthcare providers across the country for months, CEO Andrew Witty confirmed on Wednesday. 

In a hearing before the Senate Committee on Finance, Witty said the decision to pay the $22 million ransom was entirely his. “This was one of the hardest decisions I’ve ever had to make,” he said. UnitedHealth admitted last month that it had paid a ransom to the hackers who breached the Change Healthcare system — which is owned by UnitedHealth — but didn’t disclose the sum. In March, the company attributed the breach to BlackCat, the same entity responsible for the MGM casino hack in Las Vegas. That same month, Wired reported that BlackCat, which also goes by ALPHV, received a $22 million transaction on Bitcoin on March 1st.

BlackCat previously claimed it netted more than six terabytes of data as part of the hack, which it carried out in February of this year. The ransomware gang said the data included “sensitive” medical records, according to CBS News.

“Criminals used compromised credentials to remotely access Change Healthcare Citrix portal, an application used to enable remote access to desktops,” Witty said during his testimony, adding that the portal “did not have multifactor authentication.” 

“This hack could’ve been stopped with cybersecurity 101,” said Sen. Ron Wyden (D-OR), the chair of the committee. After Witty confirmed United will require multifactor authentication companywide going forward, Wyden said it “shouldn’t have taken the worst cyberattack ever in the healthcare sector for an agreement to do this bare minimum.”

The effects of the hack were far-reaching. After the breach was discovered, United shut down the Change Healthcare system for a week, which prevented hospitals, clinics, and pharmacies across the country from getting paid. During the hearing, Witty said the system is now “broadly back to normal.” But some senators told Witty that hospitals and other healthcare providers are still waiting on payments. Wyden (D-OR) told Witty that some providers who filed claims in February were told they’d have to wait until June to get paid.

UnitedHealth manages more than one-third of all patient records in the US and oversees 1 in 10 doctors across the country, according to a letter the American Hospital Association sent to the Department of Health and Human Services in March. In his opening remarks, Wyden called United a “healthcare leviathan” and described the hack as a “dire warning about the consequences of too-big-to-fail mega-corporations.”



Source link

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Website Upgradation is going on for any glitch kindly connect at office@startupnews.fyi

More like this

Swiggy, One Year From Now

Swiggy is now a publicly listed company and...

Saylor doubts $60K Bitcoin retrace, BTC ETF options, and...

Bitcoin trader eyes $100K price tag by Thanksgiving...

Chainlink introduces the 'Chainlink Runtime Environment' framework

According to Chainlink, the Common Businesses-Oriented Language (COBOL)...

Popular

Upcoming Events

Startup Information that matters. Get in your inbox Daily!