UnitedHealth CEO Andrew Witty defends ransom payment in testimony on cyberattack
CBSN
The CEO of UnitedHealth Group on Wednesday defended his unilateral decision to pay ransom in the midst of a major cyberattack against the company earlier this year.
In February, a Russia-based hacker group infiltrated the computer system of UnitedHealth subsidiary Change Healthcare in an attack that shut down operations at hospitals and pharmacies for more than a week. In his written testimony prepared for Wednesday's hearing on Capitol Hill, UnitedHealth CEO Andrew Witty defended the health giant's decision to pay a ransom to the cybercriminals and explained how the attack began.
"Criminals used compromised credentials to remotely access a Change Healthcare Citrix portal, an application used to enable remote access to desktops," Witty said, sharing details on what led to the massive data breach. "The portal did not have multifactor authentication. Once the threat actor gained access, they moved laterally within the systems in more sophisticated ways and exfiltrated data. Ransomware was deployed nine days later."
President Biden on Monday signed into law a defense bill that authorizes significant pay raises for junior enlisted service members, aims to counter China's growing power and boosts overall military spending to $895 billion despite his objections to language stripping coverage of transgender medical treatments for children in military families.
It's Christmas Eve, and Santa Claus is suiting up for his annual voyage from the North Pole to households around the world. In keeping with decades of tradition, the North American Aerospace Command, or NORAD, will once again track Santa's journey to deliver gifts to children before Christmas 2024, using an official map that's updated consistently to show where he is right now.
An anti-money laundering law called the Corporate Transparency Act, or CTA, appears to have been given new life after an appeals court on Monday determined its rules can be enforced as the case proceeds. The law requires small business owners to register with the Financial Crimes Enforcement Network, or FinCEN, by Jan. 1, or potentially pay fines of up to $10,000.