Change Healthcare hackers broke in using stolen credentials — and no MFA, says UHG CEO

Trending 2 months ago

The ransomware pack that hacked into U.S. wellness tech elephantine Change Healthcare utilized a group of stolen credentials to remotely entree nan company’s systems that weren’t protected by multi-factor authentication, according to nan main executive of its genitor company, UnitedHealth.

UnitedHealth CEO Andrew Witty provided nan written testimony up of a House subcommittee proceeding connected Wednesday into nan February ransomware onslaught that caused months of disruption crossed nan U.S. healthcare system.

This is nan first clip nan wellness security elephantine has fixed an appraisal of really hackers collapsed into Change Healthcare’s systems, during which monolithic amounts of wellness information were exfiltrated from its systems. UnitedHealth said past week that nan hackers stole wellness information connected a “substantial proportionality of group successful America.”

Change Healthcare processes wellness security and billing claims for astir half of each U.S. residents.

According to Witty’s testimony, nan criminal hackers “used compromised credentials to remotely entree a Change Healthcare Citrix portal.” Organizations for illustration Change usage Citrix package to fto labor entree their activity computers remotely connected their soul networks. Witty did not elaborate connected really nan credentials were stolen.

However, Witty did opportunity nan portal “did not person multi-factor authentication,” which is simply a basal information characteristic that prevents nan misuse of stolen passwords by requiring a 2nd codification sent to an employee’s trusted device, specified arsenic their phone. It’s not known why Change did not group up multi-factor authentication connected this system, but this will apt go a attraction for investigators trying to understand imaginable deficiencies successful nan insurer’s systems.

“Once nan threat character gained access, they moved laterally wrong nan systems successful much blase ways and exfiltrated data,” said Witty.

Witty said the hackers deployed ransomware 9 days later connected February 21, prompting nan wellness elephantine to shut down its network to incorporate nan breach.

UnitedHealth confirmed past week that nan institution paid a ransom to nan hackers who claimed work for nan cyberattack and nan consequent theft of terabytes of stolen data. The hackers, known arsenic RansomHub, are nan 2nd pack to laic declare to nan information theft aft posting a information of nan stolen information to nan acheronian web and demanding a ransom to not waste nan information.

UnitedHealth earlier this period said nan ransomware onslaught costs it much than $870 cardinal successful nan first quarter, successful which nan institution made adjacent to $100 cardinal successful revenue.