Walmart announced the closure of all its health-care clinics across the United States, marking a significant reversal from its prior expansion plans in the health sector, including primary care, dental, and telehealth services. Citing a broken business model, operational challenges, and financial losses driven by high operating costs and a challenging reimbursement environment, the company decided to shutter its 51 clinic locations in states like Arkansas, Florida, Georgia, Illinois, and Texas, without affecting its pharmacies and vision centers. This decision comes after earlier announcements of expansion and amidst a backdrop of the company struggling with high executive turnover and competitive dynamics in healthcare. Walmart's move represents another example of the difficulties companies face when trying to disrupt the traditional, complex, and costly American healthcare system.

Walmart to shutter health centers, virtual care service in latest failed push into health care CNBC

Microsoft is grappling with the consequences of long-ignored security warnings, facing significant reputational damage after a series of breaches linked to nation-state actors. The software giant, known for its dominance in the cloud and enterprise markets, has suffered from two major security incidents affecting its core platforms and exposing sensitive data from top executives, corporate customers, and federal agencies. Despite Microsoft's stature and vast security customer base, critics argue that the company's focus on market dominance and revenue-generating security investments has led to inadequate attention to fundamental security practices. The recent breaches and government directives highlight the urgent need for Microsoft to revamp its security approach, moving towards zero-trust initiatives and more substantial infrastructure investments to fend off future attacks and reestablish trust amongst its vast user base.

At Microsoft, years of security debt come crashing down Cybersecurity Dive

In testimony before Congress, UnitedHealth Group CEO Andrew Witty described the decision to pay a ransom following a cyberattack on Change Healthcare as one of his toughest choices. The attack, perpetrated by cybercriminals exploiting a Citrix portal without multifactor authentication, led to significant disruption and a complex recovery involving major tech firms. The absence of multifactor authentication was pinpointed as a crucial vulnerability. Despite paying the ransom, the company faced questions about possibly paying multiple ransoms and its efforts to protect sensitive health information. This incident has sparked broader discussions on cybersecurity in the healthcare industry, with experts urging the adoption of phishing-resistant multifactor authentication to prevent similar attacks.

UnitedHealth CEO: Paying Ransom Was 'Hardest Decision' Ever BankInfoSecurity

UnitedHealth has disclosed that its subsidiary, Change Healthcare, was victim to a BlackCat ransomware attack after attackers used stolen credentials to access the company's Citrix remote access service, which lacked multi-factor authentication. The breach, occurring in late February 2024, led to significant operational disruptions, affecting vital services such as payment processing and insurance claims, with financial damages estimated at $872 million. UnitedHealth later admitted to paying a ransom in an effort to protect compromised data, despite the details of the attack not being fully disclosed. The organization has undertaken extensive remediation efforts, including system upgrades and network rebuilds, aimed at restoring affected services and enhancing security measures. Additionally, an update mentions that stolen Change Healthcare employee Citrix credentials were detected on February 8 by Hudson Rock's threat intelligence platform, though it's unclear if these credentials were directly linked to the ransomware attack.

Change Healthcare hacked using stolen Citrix account with no MFA BleepingComputer