UnitedHealth Group CEO Andrew Witty testified before Congress on how threat actors exploited compromised credentials, gaining access to Change Healthcare's Citrix portal lacking MFA. This incident, culminating in a $22 million ransom payment to ALPHV/BlackCat, affected millions due to Change Healthcare's high transaction volume. The attack was a pivotal moment, revealing gaps in cybersecurity in the healthcare sector
Witty highlighted the need to enhance industry security standards collaboratively. Although a Citrix spokesperson clarified that access was through compromised credentials and not a flaw, the complexity of the attack chain involving ConnectWise and Citrix remains. Experts suggest that even with MFA, sophisticated threat actors can bypass security measures, emphasizing the importance of containment and recovery strategies. The incident underscores the ever-growing threat landscape and the critical need for proactive cybersecurity measures in healthcare. ```https://www.scmagazine.com/news/change-healthcare-incident-caused-by-compromised-citrix-credentials