Techly NewsGet the app

Get the latest tech news

Change Healthcare Hackers Broke In Using Stolen Credentials, No MFA


An anonymous reader quotes a report from TechCrunch: The ransomware gang that hacked into U.S. health tech giant Change Healthcare used a set of stolen credentials to remotely access the company's systems that weren't protected by multifactor authentication (MFA), according to the chief executive of...

UnitedHealth CEO Andrew Witty provided the written testimony ahead of a House subcommittee hearing on Wednesday into the February ransomware attack that caused months of disruption across the U.S. healthcare system. However, Witty did say the portal "did not have multifactor authentication," which is a basic security feature that prevents the misuse of stolen passwords by requiring a second code sent to an employee's trusted device, such as their phone. "The remediation efforts spent on the attack are ongoing, so the total costs related to business disruption and repairs are likely to exceed $1 billion over time, potentially including the reported $22 million payment made [to the hackers]," notes The Register.

Get the Android app

Or read this on Slashdot

Read more on:

Photo of MFA

MFA

Photo of stolen credentials

stolen credentials

Photo of healthcare hackers

healthcare hackers

Related news:

News photo

Change Healthcare hacked using stolen Citrix account with no MFA

News photo

Change Healthcare hackers used stolen credentials and no MFA, says UHG CEO

News photo

Fire in the Cisco! Networking giant's Duo MFA message logs stolen in phish attack

« All Cars Sold in the US Will Soon Have to Be Able to Automatically Avoid a Crash