Cybercriminals exploited the absence of multi-factor authentication on a legacy server to infiltrate UnitedHealth subsidiary Change Healthcare, CEO Andrew Witty told a congressional committee. Up to a third of Americans had personal and health information stolen in the attack. Witty apologised and pledged to make UnitedHealth’s cyber defences “stronger than ever”. The insurance provider paid a $22m Bitcoin ransom and has since provided $6.5bn in accelerated payments to affected providers.
US charges suspected LockBit ransomware developer
The US Department of Justice has charged Rostislav Panev, alleged developer for the LockBit ransomware group, with 41 counts including wire fraud and extortion. Panev,