UnitedHealth Hack: Cyber Attack Compromises Protected Health Information, Prompts Free Identity Theft Protection and Credit Monitoring
A cyberattack that compromised files containing protected health information and personally identifiable information has impacted a large number of people in America, with the notification process expected to take months. UnitedHealth, which was recently affected by the attack, is offering free identity theft protection and credit monitoring to those affected.
During a hearing with the U.S. Senate Committee on Finance, UnitedHealth confirmed that it paid a $22 million ransom to hackers who breached Change Healthcare’s IT network in February. The payment was made in bitcoin. The cyberthreat actor breached part of Change Healthcare’s IT network and caused disruptions across the health-care sector. The hackers used compromised credentials to infiltrate the systems and deployed ransomware that encrypted the network.
UnitedHealth CEO, Witty, stated in written testimony that the initial portal accessed by the hackers did not have multifactor authentication in place. However, the company has now implemented MFA across all external-facing systems to enhance security measures.