UnitedHealth Group CEO Andrew Witty will testify before Congress on May 1 that threat actors used compromised credentials to remotely access a Change Healthcare Citrix portal — a portal that lacked multifactor authentication (MFA), a basic tenet of cybersecurity. The Change Healthcare case, in which Change Healthcare’s parent company UnitedHealth reportedly paid a $22 million ransom to ALPHV/BlackCat, has become the most wide-ranging cyberattack ever in the healthcare sector because Change Healthcare processes 15 billion healthcare transactions annually, affecting 1 in 3 patients.
Source: SC Magazine