UnitedHealth CEO Andrew Witty defends ransom payment in testimony on cyberattack

The CEO of UnitedHealth Group on Wednesday defended his unilateral decision to pay ransom in the midst of a major cyberattack against the company earlier this year. 

In February, a Russia-based hacker group infiltrated the computer system of UnitedHealth subsidiary Change Healthcare in an attack that shut down operations at hospitals and pharmacies for more than a week. In his written testimony prepared for Wednesday's hearing on Capitol Hill, UnitedHealth CEO Andrew Witty defended the health giant's decision to pay a ransom to the cybercriminals and explained how the attack began. 

"Criminals used compromised credentials to remotely access a Change Healthcare Citrix portal, an application used to enable remote access to desktops," Witty said, sharing details on what led to the massive data breach. "The portal did not have multifactor authentication. Once the threat actor gained access, they moved laterally within the systems in more sophisticated ways and exfiltrated data. Ransomware was deployed nine days later."