Change Healthcare Hackers Broke In Using Stolen Credentials, No MFA
Tuesday, April 30, 2024, 11:00 PM, from Slashdot
According to Witty's testimony, the criminal hackers 'used compromised credentials to remotely access a Change Healthcare Citrix portal.' Organizations like Change use Citrix software to let employees access their work computers remotely on their internal networks. Witty did not elaborate on how the credentials were stolen. However, Witty did say the portal 'did not have multifactor authentication,' which is a basic security feature that prevents the misuse of stolen passwords by requiring a second code sent to an employee's trusted device, such as their phone. It's not known why Change did not set up multifactor authentication on this system, but this will likely become a focus for investigators trying to understand potential deficiencies in the insurer's systems.

'Once the threat actor gained access, they moved laterally within the systems in more sophisticated ways and exfiltrated data,' said Witty. Witty said the hackers deployed ransomware nine days later on February 21, prompting the health giant to shut down its network to contain the breach.

Last week, the medical firm admitted that it paid the ransomware hackers roughly $22 million via bitcoin. Meanwhile, UnitedHealth said the total costs associated with the ransomware attack amounted to $872 million. 'The remediation efforts spent on the attack are ongoing, so the total costs related to business disruption and repairs are likely to exceed $1 billion over time, potentially including the reported $22 million payment made [to the hackers],' notes The Register.

Read more of this story at Slashdot.
https://it.slashdot.org/story/24/04/30/2019222/change-healthcare-hackers-broke-in-using-stolen-crede...