June 18, 2024

In response to the attack, Change Healthcare's technology infrastructure has been rebuilt from the ground up. Change Healthcare's data center network and core services have been rebuilt with added server capacity and greater reliance on the cloud.

Questions about insurance reimbursements and the extent of the breach, which also exposed the personal information and medical data of an estimated one-in-three US residents, were the main focus of two hearings featuring Witty last Wednesday, before the House Finance and House Energy and Commerce Committees.

Vulnerable portal lacked MFA

During the hearings, Witty explained how cybercriminals used compromised credentials to remotely access a Change Healthcare Citrix portal, an application used to enable remote access to desktops, on Feb. 12, 9 days before the ransomware attack.

“The portal didn’t have multi-factor authentication,” Witty admitted.

Having gained entry into Change Healthcare's systems, the cybercriminals moved laterally within its systems to expand the scope of the breach before exfiltrating data.

UnitedHealth Group completed its acquisition of Change Healthcare in October 2022. The health conglomerate inherited an aging technology infrastructure with points of weakness that, with the benefit of hindsight, are now all too obvious.