Change Healthcare hackers broke in using stolen credentials and no MFA says UHG CEO TechCrunch
pCommentppThe ransomware gang that hacked into US health tech giant Change Healthcare used a set of stolen credentials to remotely access the companys systems that werent protected by multifactor authentication MFA according to the chief executive of its parent company UnitedHealth Group UHGppUnitedHealth CEO Andrew Witty provided the written testimony ahead of a House subcommittee hearing on Wednesday into the February ransomware attack that caused months of disruption across the US healthcare systemppThis is the first time the health insurance giant has given an assessment of how hackers broke into Change Healthcares systems during which massive amounts of health data were exfiltrated from its systems UnitedHealth said last week that the hackers stole health data on a substantial proportion of people in AmericappChange Healthcare processes health insurance and billing claims for around half of all US residentsppAccording to Wittys testimony the criminal hackers used compromised credentials to remotely access a Change Healthcare Citrix portal Organizations like Change use Citrix software to let employees access their work computers remotely on their internal networksppWitty did not elaborate on how the credentials were stolen The Wall Street Journal first reported the hackers use of compromised credentials last weekppHowever Witty did say the portal did not have multifactor authentication which is a basic security feature that prevents the misuse of stolen passwords by requiring a second code sent to an employees trusted device such as their phone Its not known why Change did not set up multifactor authentication on this system but this will likely become a focus for investigators trying to understand potential deficiencies in the insurers systemsppOnce the threat actor gained access they moved laterally within the systems in more sophisticated ways and exfiltrated data said WittyppWitty said the hackers deployed ransomware nine days later on February 21 prompting the health giant to shut down its network to contain the breachppUnitedHealth confirmed last week that the company paid a ransom to the hackers who claimed responsibility for the cyberattack and the subsequent theft of terabytes of stolen data The hackers known as RansomHub are the second gang to lay claim to the data theft after posting a portion of the stolen data to the dark web and demanding a ransom to not sell the informationppUnitedHealth earlier this month said the ransomware attack cost it more than 870 million in the first quarter in which the company made close to 100 billion in revenueppUnitedHealth says Change hackers stole health data on substantial proportion of people in AmericappppEvery weekday and Sunday you can get the best of TechCrunchs coverageppStartups are the core of TechCrunch so get our best coverage delivered weeklyppThe latest Fintech news and analysis delivered every TuesdayppTechCrunch Mobility is your destination for transportation news and insightppBy submitting your email you agree to our Terms and Privacy Notice
ppPrompt engineering became a hot job last year in the AI industry but it seems Anthropic is now developing tools to at least partially automate it Anthropic released several new ppHebbia a startup that uses generative AI to search large documents and respond to large questions has raised a 130 million Series B at a roughly 700 million valuation led ppNovoNutrients has raised a 18 million Series A round from investors to build a pilotscale facility to prove that its fermentation process works at scale ppSeven years ago Uber and Lyft blocked an effort to require ridehailing app drivers to get fingerprinted in California But by launching Uber for Teens earlier this year the company ppFastfood chain Whataburgers app has gone viral in the wake of Hurricane Beryl which left around 18 million utility customers in Houston Texas without power Hundreds of thousands of those ppBumbles new reporting option arrives at a time when unfortunately AIgenerated photos on dating apps are common ppThe concept of Airchat is fun especially if youre someone who loves to send voice memos instead of typing out long paragraphs on your phone keyboard ppFeatured ArticleppHere is a timeline of the events that led fledgling automaker Fisker to file for bankruptcy ppAhead of these potential competitors comes Openvibe a simple aggregator for the open social web ppWelcome to TechCrunch Fintech Last week was a holiday in the United States so news was a bit lighter than normal But there was still fintechrelated items to report including ppFisker Inc cofounders Henrik Fisker and his wife Geeta GuptaFisker are lowering their salaries to 1 in order to keep their failed EV startups bankruptcy proceedings funded as lawyers work ppAfter announcing a whopping 20 million seed last year Unlikely AI founder William TunstallPedoe has kept the budding UK foundation model makers approach under lock and key Until now TechCrunch ppWere excited to invite Jesse Pollak to TechCrunch Disrupt 2024 to talk about the future of decentralization ppInfactory is a kind of factchecking search engine that will be focused exclusively on data at launch ppIn a first the Federal Trade Commission is banning an app from serving users under the age of 18 The agency announced on Tuesday that its banning NGL an anonymous ppWhen people start navigation on Google Maps the vehicles speed is shown in miles or kilometers depending on the region ppDesign and animation are core to the Duolingo experience which makes learning a new language or skill more like a game rather than a task to be dreaded ppTwo of my friends died within the last three years By some coincidence both of their birthdays fall in the beginning of July So twice this week Facebook has reminded ppRunning a small business means doing more with less AI agents can help but building custom agents for specific workflows remains challenging even with todays lowcodenocode tools The idea behind ppThe feature puts Spotify in more direct competition with YouTube as a place where creators can interact with their listeners ppA new iOS app called Wayther wants to help you better plan your road trips by giving you realtime road conditions and weather forecasts along your route Created by indie ppEvolve has confirmed that the personal data of at least 76 million people was accessed during LockBits ransomware attack ppEtsy has been grappling with an influx of generic junk and AIgenerated products on its platform The service revised its seller policy on Tuesday introducing new labels that clarify whether ppSeae Ventures is acquiring Unseen Capital after the death of founder Kayode Owens in 2021 The combined firm will continue to invest in healthcare for minorities and underserved populations Owens ppApple released the third developer beta version of iOS 18 on Monday While there are no major new features like Apple Intelligence in this update there are some neat design ppA startup called DreamFlare AI is emerging from stealth on Tuesday with the goal of helping content creators make and monetize shortform AIgenerated content The company cofounded by former Google ppNala a remittance startup that is now widening its portfolio through a new B2B payments platform has raised 40 million equity in a rare deal that becomes one of the largest ppSolo founder Cat Jones took the plunge on setting up a travel business right around the time the pandemic was hitting Europe in March 2020 Fastforward to summer 2024 and ppAn adtech business owned by Microsoft is the target of a complaint backed by European privacy advocacy group noyb a nonprofit that punches far above its weight when it ppQuora says that Previews works best with chatbots that excel at programming like Claude 35 Sonnet GPT4o and Googles Gemini 15 Pro ppPowered by WordPress VIPp
ppPrompt engineering became a hot job last year in the AI industry but it seems Anthropic is now developing tools to at least partially automate it Anthropic released several new ppHebbia a startup that uses generative AI to search large documents and respond to large questions has raised a 130 million Series B at a roughly 700 million valuation led ppNovoNutrients has raised a 18 million Series A round from investors to build a pilotscale facility to prove that its fermentation process works at scale ppSeven years ago Uber and Lyft blocked an effort to require ridehailing app drivers to get fingerprinted in California But by launching Uber for Teens earlier this year the company ppFastfood chain Whataburgers app has gone viral in the wake of Hurricane Beryl which left around 18 million utility customers in Houston Texas without power Hundreds of thousands of those ppBumbles new reporting option arrives at a time when unfortunately AIgenerated photos on dating apps are common ppThe concept of Airchat is fun especially if youre someone who loves to send voice memos instead of typing out long paragraphs on your phone keyboard ppFeatured ArticleppHere is a timeline of the events that led fledgling automaker Fisker to file for bankruptcy ppAhead of these potential competitors comes Openvibe a simple aggregator for the open social web ppWelcome to TechCrunch Fintech Last week was a holiday in the United States so news was a bit lighter than normal But there was still fintechrelated items to report including ppFisker Inc cofounders Henrik Fisker and his wife Geeta GuptaFisker are lowering their salaries to 1 in order to keep their failed EV startups bankruptcy proceedings funded as lawyers work ppAfter announcing a whopping 20 million seed last year Unlikely AI founder William TunstallPedoe has kept the budding UK foundation model makers approach under lock and key Until now TechCrunch ppWere excited to invite Jesse Pollak to TechCrunch Disrupt 2024 to talk about the future of decentralization ppInfactory is a kind of factchecking search engine that will be focused exclusively on data at launch ppIn a first the Federal Trade Commission is banning an app from serving users under the age of 18 The agency announced on Tuesday that its banning NGL an anonymous ppWhen people start navigation on Google Maps the vehicles speed is shown in miles or kilometers depending on the region ppDesign and animation are core to the Duolingo experience which makes learning a new language or skill more like a game rather than a task to be dreaded ppTwo of my friends died within the last three years By some coincidence both of their birthdays fall in the beginning of July So twice this week Facebook has reminded ppRunning a small business means doing more with less AI agents can help but building custom agents for specific workflows remains challenging even with todays lowcodenocode tools The idea behind ppThe feature puts Spotify in more direct competition with YouTube as a place where creators can interact with their listeners ppA new iOS app called Wayther wants to help you better plan your road trips by giving you realtime road conditions and weather forecasts along your route Created by indie ppEvolve has confirmed that the personal data of at least 76 million people was accessed during LockBits ransomware attack ppEtsy has been grappling with an influx of generic junk and AIgenerated products on its platform The service revised its seller policy on Tuesday introducing new labels that clarify whether ppSeae Ventures is acquiring Unseen Capital after the death of founder Kayode Owens in 2021 The combined firm will continue to invest in healthcare for minorities and underserved populations Owens ppApple released the third developer beta version of iOS 18 on Monday While there are no major new features like Apple Intelligence in this update there are some neat design ppA startup called DreamFlare AI is emerging from stealth on Tuesday with the goal of helping content creators make and monetize shortform AIgenerated content The company cofounded by former Google ppNala a remittance startup that is now widening its portfolio through a new B2B payments platform has raised 40 million equity in a rare deal that becomes one of the largest ppSolo founder Cat Jones took the plunge on setting up a travel business right around the time the pandemic was hitting Europe in March 2020 Fastforward to summer 2024 and ppAn adtech business owned by Microsoft is the target of a complaint backed by European privacy advocacy group noyb a nonprofit that punches far above its weight when it ppQuora says that Previews works best with chatbots that excel at programming like Claude 35 Sonnet GPT4o and Googles Gemini 15 Pro ppPowered by WordPress VIPp
