The ransomware gang that hacked into U.S. well being tech large Change Healthcare used a set of stolen credentials to remotely entry the corporate’s programs that weren’t protected by multi-factor authentication, in response to the chief government of its guardian firm, UnitedHealth.
UnitedHealth CEO Andrew Witty supplied the written testimony forward of a Home subcommittee listening to on Wednesday into the February ransomware assault that brought on months of disruption throughout the U.S. healthcare system.
That is the primary time the medical health insurance large has given an evaluation of how hackers broke into Change Healthcare’s programs, throughout which huge quantities of well being knowledge have been exfiltrated from its programs. UnitedHealth mentioned final week that the hackers stole well being knowledge on a “substantial proportion of individuals in America.”
Change Healthcare processes medical health insurance and billing claims for round half of all U.S. residents.
In keeping with Witty’s testimony, the felony hackers “used compromised credentials to remotely entry a Change Healthcare Citrix portal.” Organizations like Change use Citrix software program to let staff entry their work computer systems remotely on their inside networks.
Witty didn’t elaborate on how the credentials have been stolen. The Wall Avenue Journal first reported the hacker’s use of compromised credentials final week.
Nonetheless, Witty did say the portal “didn’t have multi-factor authentication,” which is a primary security function that stops the misuse of stolen passwords by requiring a second code despatched to an worker’s trusted machine, corresponding to their telephone. It’s not recognized why Change didn’t arrange multi-factor authentication on this technique, however this can seemingly grow to be a spotlight for investigators attempting to know potential deficiencies within the insurer’s programs.
“As soon as the risk actor gained entry, they moved laterally inside the programs in additional refined methods and exfiltrated knowledge,” mentioned Witty.
Witty mentioned the hackers deployed ransomware 9 days afterward February 21, prompting the well being large to close down its community to include the breach.
UnitedHealth earlier this month mentioned the ransomware assault price it greater than $870 million within the first quarter, during which the corporate made near $100 billion in income.
