Techly NewsGet the app

Get the latest tech news

Change Healthcare hackers used stolen credentials and no MFA, says UHG CEO


UnitedHealth's CEO said in congressional testimony that the portal used by the hackers to break into Change Healthcare was not protected with a basic security feature.

UnitedHealth CEO Andrew Witty provided the written testimony ahead of a House subcommittee hearing on Wednesday into the February ransomware attack that caused months of disruption across the U.S. healthcare system. However, Witty did say the portal “did not have multi-factor authentication,” which is a basic security feature that prevents the misuse of stolen passwords by requiring a second code sent to an employee’s trusted device, such as their phone. UnitedHealth confirmed last week that the company paid a ransom to the hackers who claimed responsibility for the cyberattack and the subsequent theft of terabytes of stolen data.

Get the Android app

Or read this on TechCrunch

Read more on:

Photo of MFA

MFA

Photo of stolen credentials

stolen credentials

Photo of UHG

UHG

Related news:

News photo

Fire in the Cisco! Networking giant's Duo MFA message logs stolen in phish attack

News photo

Cisco Duo warns third-party data breach exposed SMS MFA logs

News photo

New MFA-bypassing phishing kit targets Microsoft 365, Gmail accounts

« Xubuntu 24.04: A minimal install that does what it says on the tin
Cats suffer H5N1 brain infections, blindness, death after drinking raw milk »