
The Verge - Securities

UnitedHealth data breach leaked info on over 100 million people





As reported by Bleeping Computer, UnitedHealth CEO Andrew Witty’s written testimony (PDF) to a House committee said the threat actors got in by using stolen credentials for a Citrix remote access service that lacked multifactor authentication.


On February 12, criminals used compromised credentials to remotely access a Change Healthcare Citrix portal, an application used to enable remote access to desktops. The portal did not have multi-factor authentication. Once the threat actor gained access, they moved laterally within the systems in more sophisticated ways and exfiltrated data. Ransomware was deployed nine days later.

UnitedHealth paid the group a $22 million ransom. However, another operation threatened to continue leaking the data and may have secured a second ransom payment.






Published: 2024-10-25T11:19:33










