Inexperienced CISO Held Responsible for Cyberattack on Change Healthcare

Senator Wyden Urges Investigation into UnitedHealth Group’s Cybersecurity Practices and Calls for Accountability

Senator Ron Wyden, Chairman of the Senate Committee on Finance, has called for a thorough investigation into UnitedHealth Group’s (UHG) cybersecurity practices following a devastating cyberattack on its subsidiary, Change Healthcare. In a letter to federal regulators, Senator Wyden emphasized the need to hold UHG, its senior executives, and board of directors accountable for the harm caused to consumers, investors, the healthcare industry, and U.S. national security.

The cyberattack on Change Healthcare, which Senator Wyden linked to the SolarWinds data breach, has raised serious concerns about UHG’s cybersecurity integrity. The appointment of a Chief Information Security Officer with no prior full-time experience in cybersecurity has been highlighted as a clear example of corporate negligence that has put stakeholders at risk.

The incident involved hackers exploiting a remote access server at Change Healthcare that lacked multi-factor authentication, leading to a ransomware infection that disrupted UHG’s operations. UHG CEO Andrew Witty admitted during a Senate Finance Committee hearing that the company’s MFA policy was not uniformly implemented across all external servers, exposing broader cybersecurity deficiencies.

Senator Wyden pointed out that the failure to implement MFA on all servers contradicts industry standards and regulatory expectations, as mandated by the FTC’s Safeguards Rule. The financial implications of the breach, estimated at over a billion dollars by UHG, underscore the importance of robust cybersecurity practices for investor confidence and market stability.

Wyden’s call for regulatory action underscores the need for accountability in corporate governance regarding cybersecurity risks. The investigation into UHG’s cybersecurity and technology practices aims to determine if federal laws were violated and to address the oversight failures of the Audit and Finance Committee responsible for cybersecurity risk oversight. As cybersecurity threats continue to evolve, the case serves as a stark reminder of the critical importance of proactive cybersecurity measures in safeguarding sensitive data and maintaining business continuity.
