UnitedHealth CEO defends ransom payment in testimony on cyberattack

The CEO of UnitedHealth Group connected Wednesday defended his unilateral determination to salary ransom successful nan midst of a awesome cyberattack against nan institution earlier this year. 

In February, a Russia-based hacker group infiltrated nan machine system of UnitedHealth subsidiary Change Healthcare successful an onslaught that shut down operations at hospitals and pharmacies for much than a week. In his written testimony prepared for Wednesday's proceeding connected Capitol Hill, UnitedHealth CEO Andrew Witty defended nan wellness giant's determination to salary a ransom to nan cybercriminals and explained really nan onslaught began. 

"Criminals utilized compromised credentials to remotely entree a Change Healthcare Citrix portal, an exertion utilized to alteration distant entree to desktops," Witty said, sharing specifications connected what led to nan monolithic information breach. "The portal did not person multifactor authentication. Once nan threat character gained access, they moved laterally wrong nan systems successful much blase ways and exfiltrated data. Ransomware was deployed 9 days later."

UnitedHealth blamed nan breach connected ransomware pack ALPHV aliases BlackCat. The group itself claimed responsibility for nan attack, alleging it stole much than six terabytes of data, including "sensitive" aesculapian records, from Change Healthcare, which processes wellness security claims for patients who sojourn hospitals, aesculapian centers aliases pharmacies.

Witty besides confirmed successful his grounds that UnitedHealth paid a ransom magnitude to BlackCat, a determination he stated successful prepared remarks that he made connected his own. The institution has not disclosed nan magnitude of ransom handed complete to cybercriminals, but aggregate media sources person reported that it paid $22 million in nan shape of bitcoin. 

Deciding to salary nan ransom "was 1 of nan hardest decisions I've ever had to make and I wouldn't wish it connected anyone," Witty said.

The standard of nan onslaught — Change Healthcare processes 15 cardinal transactions a year, according to nan American Hospital Association — meant that moreover patients who weren't customers of UnitedHealth were perchance affected. The onslaught has already cost UnitedHealth Group astir $900 million, institution officials said successful reporting first-quarter net past week.

Ransomware attacks, which involve disabling a target's machine systems, person go progressively communal wrong nan wellness attraction industry. The yearly number of ransomware attacks against hospitals and different wellness attraction providers doubled from 2016 to 2021, according to a 2022 study published successful JAMA Health Forum.