Change Healthcare Cyberattack Toll Could Reach Alm
Post# of 152
Andrew Witty, the CEO of UnitedHealth Group, gave his testimony on the ransomware attack on Change Healthcare to the Senate Finance Committee in June. The attack occurred in February of this year, with the initial point of entry for the ransomware being a server whose multifactor authentication hadn’t been enabled. This is despite the fact that multifactor authentication is a standard practice for servers exposed to the public internet.
After gaining access to the server, the ransomware then acquired access to the Microsoft Active Directory Server.
This ransomware attack was a wake-up call to others in the healthcare industry, prompting them to review their cybersecurity and IT contingency plans and priorities in preparation for a similar incident.
Last week, Chair of the Senate Finance Committee Ron Wyden wrote to Witty asking for answers to queries raised at the hearing which weren’t sufficiently answered. In his letter, Wyden stated that the testimony given offered vague and unclear information about the incident, despite the fact that it was caused by lax cybersecurity practices from Witty’s firm.
UnitedHealth Group soon confirmed that 3rd party security auditors had been hired regularly to review Change Healthcare’s tech infrastructure.
Wyden also asked that Witty confirm if the server whose authentication hadn’t been enabled was included in those audits, as well as whether the method used by ransomware affiliates to access privileges was identified by the auditors. Additionally, he asked that it be confirmed if the defenses implemented following the attack to ensure the technique couldn’t be used again and whether the said defenses had been tested to ensure effectiveness.
It is yet to be confirmed how many individuals were impacted by the ransomware attack, with a Q3 report issued by UnitedHealth Group showing that the cost of the ransomware attack had risen to $2.8 billion.
The firm’s Q1 earnings report estimated total losses following the attack to be $1.6 billion. By the end of the second quarter, the estimate had risen to between $2.3 and 2.4 billion. Projections suggest that as this year ends, the cost could reach $2.87bn.
During an earnings call last week, Witty explained that they prioritized resource allocation to support care providers following the cyberattack. In a statement, he revealed that despite making significant progress to recover from the attack and bring systems back online, the company’s transaction volumes still hadn’t reached levels recorded prior to the cyberattack.
He added that they remained focused on working with consumers to increase transaction volumes and acquire new business using their secure, modern, and capable offerings.
The ransomware attack suffered by Change Healthcare offers significant learning moments for other enterprises like HealthLynked Corp. (OTCQB: HLYK) on how critical it is to treat matters of data security as top priority.
NOTE TO INVESTORS: The latest news and updates relating to HealthLynked Corp. (OTCQB: HLYK) are available in the company’s newsroom at https://ibn.fm/HLYK
Please see full terms of use and disclaimers on the BioMedWire website applicable to all content provided by BMW, wherever published or re-published: http://BMW.fm/Disclaimer