How this UnitedHealth hack puts data of one in three Americans at risk

The largest US health insurer faced aggressive questions from some lawmakers over the February hacking incident, including concerns about whether its vast reach into myriad health-care operations concentrated risk that cybercriminals exploited. The hack snarled billions of dollars in payments for doctors and hospitals.

UnitedHealth CEO Andrew Witty faced tough questioning from Congressional committees this week regarding the February cyberattack on Change Healthcare, a subsidiary that processes nearly half of all US medical claims. The breach caused significant disruptions in claims processing, impacting patients and healthcare providers nationwide. According to Reuters, Witty acknowledged that hackers may have stolen the personal health information of “maybe a third” of Americans.

How the company flunked in securing data
Lawmakers grilled Witty about the company’s handling of the situation, particularly security lapses that allowed the attack. The cybercriminal gang AlphV reportedly gained access through stolen login credentials on an outdated server lacking multi-factor authentication. This vulnerability was especially concerning because the platform had recently been acquired by UnitedHealth and was undergoing upgrades. Additionally, it lacked safeguards recommended by a December 2023 FBI alert regarding AlphV targeting healthcare organizations.

To regain access to their systems, UnitedHealth reportedly paid a $22 million ransom in bitcoin. However, Witty admitted there’s no guarantee the data is secure, with another hacking group claiming to possess a copy.


National security implications of the hacking
Beyond the immediate impact on healthcare providers and patients, the Senate Finance Committee also explored the broader implications of the attack considering UnitedHealth’s vast size.

While Witty downplayed the company’s influence on the overall economy, Senator Bill Cassidy raised concerns about potential domino effects if UnitedHealth faltered, given its dominant role in claims processing.

The hack’s reach extends beyond financial disruption. The revelation that military personnel data was compromised raises national security concerns.

Senate Finance Committee Chairman Ron Wyden, emphasizing the heightened responsibility of large companies to protect their systems, called the attack a national security threat.

Lawmakers also criticized the lack of transparency surrounding the number of affected individuals and the full extent of the financial damage to providers.

