UnitedHealth CEO: Paying Ransom Was 'Hardest Decision' Ever
BankInfoSecurity
|
Contributed by: Drex DeFord
Summary
In testimony before Congress, UnitedHealth Group CEO Andrew Witty described the decision to pay a ransom following a cyberattack on Change Healthcare as one of his toughest choices. The attack, perpetrated by cybercriminals exploiting a Citrix portal without multifactor authentication, led to significant disruption and a complex recovery involving major tech firms. The absence of multifactor authentication was pinpointed as a crucial vulnerability. Despite paying the ransom, the company faced questions about possibly paying multiple ransoms and its efforts to protect sensitive health information. This incident has sparked broader discussions on cybersecurity in the healthcare industry, with experts urging the adoption of phishing-resistant multifactor authentication to prevent similar attacks.