fbpx

The CEO of UnitedHealth Group on Wednesday defended his unilateral decision to pay ransom in the midst of a major cyberattack against the company earlier this year.

In February, a Russia-based hacker group infiltrated the computer system of UnitedHealth subsidiary Change Healthcare in an attack that shut down operations at hospitals and pharmacies for more than a week. In his written testimony prepared for Wednesday’s hearing on Capitol Hill, UnitedHealth CEO Andrew Witty defended the health giant’s decision to pay a ransom to the cybercriminals and explained how the attack began.

“Criminals used compromised credentials to remotely access a Change Healthcare Citrix portal, an application used to enable remote access to desktops,” Witty said, sharing details on what led to the massive data breach. “The portal did not have multifactor authentication. Once the threat actor gained access, they moved laterally within the systems in more sophisticated ways and exfiltrated data. Ransomware was deployed nine days later.”

UnitedHealth blamed the breach on ransomware gang ALPHV or BlackCat. The group itself claimed responsibility for the attack, alleging it stole more than six terabytes of data, including “sensitive” medical records, from Change Healthcare, which processes health insurance claims for patients who visit hospitals, medical centers or pharmacies.

Witty also confirmed in his testimony that UnitedHealth paid a ransom amount to BlackCat, a decision he stated in prepared remarks that he made on his own. The company has not disclosed the amount of ransom handed over to cybercriminals, but multiple media sources have reported that it paid $22 million in the form of bitcoin.

Menu