UnitedHealth CEO Andrew Witty admits he paid $22 million ransom to hackers

Date:


Health insurance provider UnitedHealth paid a multimillion-dollar ransom to hackers who broke into one of its subsidiaries, disrupting healthcare providers across the country for months, CEO Andrew Witty confirmed on Wednesday. 

In a hearing before the Senate Committee on Finance, Witty said the decision to pay the $22 million ransom was entirely his. “This was one of the hardest decisions I’ve ever had to make,” he said. UnitedHealth admitted last month that it had paid a ransom to the hackers who breached the Change Healthcare system — which is owned by UnitedHealth — but didn’t disclose the sum. In March, the company attributed the breach to BlackCat, the same entity responsible for the MGM casino hack in Las Vegas. That same month, Wired reported that BlackCat, which also goes by ALPHV, received a $22 million transaction on Bitcoin on March 1st.

BlackCat previously claimed it netted more than six terabytes of data as part of the hack, which it carried out in February of this year. The ransomware gang said the data included “sensitive” medical records, according to CBS News.

“Criminals used compromised credentials to remotely access Change Healthcare Citrix portal, an application used to enable remote access to desktops,” Witty said during his testimony, adding that the portal “did not have multifactor authentication.” 

“This hack could’ve been stopped with cybersecurity 101,” said Sen. Ron Wyden (D-OR), the chair of the committee. After Witty confirmed United will require multifactor authentication companywide going forward, Wyden said it “shouldn’t have taken the worst cyberattack ever in the healthcare sector for an agreement to do this bare minimum.”

The effects of the hack were far-reaching. After the breach was discovered, United shut down the Change Healthcare system for a week, which prevented hospitals, clinics, and pharmacies across the country from getting paid. During the hearing, Witty said the system is now “broadly back to normal.” But some senators told Witty that hospitals and other healthcare providers are still waiting on payments. Wyden (D-OR) told Witty that some providers who filed claims in February were told they’d have to wait until June to get paid.

UnitedHealth manages more than one-third of all patient records in the US and oversees 1 in 10 doctors across the country, according to a letter the American Hospital Association sent to the Department of Health and Human Services in March. In his opening remarks, Wyden called United a “healthcare leviathan” and described the hack as a “dire warning about the consequences of too-big-to-fail mega-corporations.”



Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Share post:

Subscribe

spot_imgspot_img

Popular

More like this
Related

String theory is not dead yet

String theory is a mathematical description of nature...

JWST spots more light than expected in the early universe

This artist's concept shows early galaxies forming in...

Bentonite Clay For Diarrhea (Does it Work?)

Bentonite clay has become a staple in our...

Creative & Unique Gift Ideas (They Don’t Already Have)

I’ve shared my holiday gift guide, but many...