UnitedHealth Data Breach Caused By Lack Of Multifactor Authentication

In a recent cybersecurity incident, UnitedHealth Group's subsidiary, Change Healthcare, fell victim to a ransomware attack after hackers exploited a password without multifactor authentication (MFA). The breach, which occurred in February, was the focus of a congressional hearing where CEO Andrew Witty testified about the company's cybersecurity measures. Despite efforts to upgrade Change Healthcare's older technology since its acquisition in October 2022, the server targeted by the attack lacked MFA, a critical security feature.

The attack was orchestrated by the Russian-based ransomware gang ALPHV, also known as BlackCat, which claimed to have stolen over six terabytes of data, including sensitive medical records. The disruption affected payment and claims processing nationwide, causing significant stress to health care systems and providers. In response to the attack, UnitedHealth paid a $22 million ransom in bitcoin, a decision Witty described as one of the hardest he's ever made.

The implications of the attack are far-reaching, with the potential to impact a substantial portion of the American population, given Change Healthcare's role in processing 15 billion transactions annually. The breach has already resulted in nearly $900 million in costs for UnitedHealth Group, excluding the ransom payment. This incident underscores the growing threat of ransomware attacks in the health care industry, which have doubled in frequency from 2016 to 2021, highlighting the urgent need for robust cybersecurity measures across all health care platforms.

‍