UnitedHealth’s CEO confirmed a lack of cybersecurity enforcement led to the ransomware attack on Change Healthcare in February. A group called BlackCat/ALPHV used compromised credentials to access a Change Healthcare portal and stole data despite the company publishing advice on cybersecurity. To restore functions and data access, UnitedHealth’s CEO authorized payment of $22 million in ransom. The lapse in security comes as the company has yet to identify the quantity of stolen data and notify victims.