Lawmakers questioned UnitedHealth Group CEO Andrew Witty about security lapses leading to the cyberattack on Change Healthcare, their response to the incident, the compromise of individuals' data, and the challenging process of notifying affected parties. The attack occurred while updating Change Healthcare's IT systems, revealing issues like missing multifactor authentication, outdated legacy systems, and the importance of cloud security. The CEO confirmed paying a $22 million ransom, expressed concerns on national security implications, and acknowledged the need for minimum cybersecurity standards in the healthcare ecosystem
While critical systems are back online, challenges in notification, backup redundancies, and exclusivity clauses were highlighted, emphasizing the importance of preparedness and timely response in data breaches. https://www.bankinfosecurity.com/lawmakers-grill-unitedhealth-ceo-on-change-healthcare-attack-a-24988