Topics
Latest
AI
Amazon
Image Credits:Kent Nishimura / Getty Images
Apps
Biotech & Health
Climate
Image Credits:Kent Nishimura / Getty Images
Cloud Computing
DoC
Crypto
Enterprise
EVs
Fintech
Fundraising
Gadgets
stake
Government & Policy
computer hardware
Layoffs
Media & Entertainment
Meta
Microsoft
seclusion
Robotics
security department
societal
Space
Startups
TikTok
transportation system
Venture
More from TechCrunch
consequence
Startup Battlefield
StrictlyVC
newssheet
Podcasts
video
Partner Content
TechCrunch Brand Studio
Crunchboard
Contact Us
UnitedHealth Group Chief Executive Officer Andrew Witty told senator on Wednesday that the companionship has now enabled multi - factor authentication on all the company ’s systems exposed to the internet in response to the late cyberattack against its subsidiary company Change Healthcare .
The want of multi - factor hallmark was at the center field ofthe ransomware attack that hit Change Healthcare earlier this twelvemonth , which affect pharmacies , hospitals and doctors ’ offices across the United States . Multi - factor authentication , or MFA , is a introductory cybersecurity mechanics that prevents hacker from give into accounting or systems with a slip password by expect a 2d computer code to sign in .
Ina written statementsubmitted on Tuesday forward of two congressional earshot , Witty divulge that hackers used a circle of stolen certificate to access a Change Healthcare waiter , which he saidwas not protected by multi - factor authentication . After breaking into that server , the hacker were then able-bodied to move into other company systems to exfiltrate data , and later cypher it with ransomware , Witty said in the statement .
Today , duringthe firstof those two hearings , Witty face questions about the cyberattack from senators on the Finance Committee . In answer to questions by Sen. Ron Wyden , Witty say that “ as of today , across the whole of UHG , all of our external - face systems have got multi - factor authentication enable . ”
“ We have an enforced policy across the organization to have multi - factor hallmark on all of our external system of rules , which is in place , ” Witty say .
When need to confirm Witty ’s financial statement , UnitedHealth Group ’s voice Anthony Marusic tell TechCrunch that Witty “ was very well-defined with his financial statement . ”
Witty blamed the fact that Change Healthcare ’s systems had not yet been promote after UnitedHealth Group acquire the caller in 2022 .
Join us at TechCrunch Sessions: AI
Exhibit at TechCrunch Sessions: AI
“ We were in the process of upgrading the technology that we had acquired . But within there , there was a server , which I ’m incredibly discomfited to tell you , was not protected by MFA , ” Witty said . “ That was the host through which the cybercriminals were able to get into Change . And then they led off a ransomware attack , if you will , which encrypted and froze large parts of the system . ”
Witty also say that the company is still function on understanding on the button why that server did not have multi - factor hallmark enabled .
Wyden knock the company ’s nonstarter to upgrade the server . “ We heard from your people that you had a policy , but you all were n’t carry it out . And that ’s why we have the problem , ” Wyden said .
UnitedHealth has yet to apprise people that were bear on by the cyberattack , Witty said during the hearing , reason that the party still postulate to mold the extent of the plug and the steal information . As of now , the company has only said thathackers stole personal and wellness info dataof “ a substantial proportion of people in America . ”
Last month , UnitedHealth said that it paid $ 22 million to the drudge who broke into the company ’s systems . Witty confirmed that payment during the Senate sense of hearing .
