In February, hackers breached Change Healthcare’s IT network, causing widespread fallout in the health-care sector. The cyberthreat actor used compromised credentials to infiltrate the company’s systems and deployed ransomware that encrypted the network. UnitedHealth has since implemented multifactor authentication (MFA) across all external-facing systems to enhance security and prevent future breaches.
During testimony before the U.S. Senate Committee on Finance, UnitedHealth confirmed paying a $22 million ransom to hackers who breached Change Healthcare. This payment was made in bitcoin and was the first time the company publicly acknowledged the ransom. The hackers accessed part of Change Healthcare’s IT network through an unprotected portal, which required users to only verify their identities in one way.
UnitedHealth disclosed a cyberattack that impacted a significant number of individuals in America, compromising files containing protected health information and personally identifiable information. Due to the complexity of the data review, it will take months to notify affected individuals. The company is offering free identity theft protection and credit monitoring for those concerned about their data.
