zackwhittaker,
@zackwhittaker@mastodon.social avatar

New, by me: The ransomware gang that hacked into U.S. health tech giant Change Healthcare used a set of stolen credentials to remotely access the company's systems that weren't protected by MFA, according to the CEO of its parent company UnitedHealth.

It’s not known why Change did not set up MFA on this system, but this will likely become a focus for investigators trying to understand potential deficiencies in the insurer’s systems.

More: https://techcrunch.com/2024/04/30/uhg-change-healthcare-ransomware-compromised-credentials-mfa/

zackwhittaker,
@zackwhittaker@mastodon.social avatar

To put this into context, one of the world's wealthiest companies storing some of America's most sensitive data was hacked with relative ease because the company couldn't be bothered to switch on a basic security feature for its employees' logging in.

https://techcrunch.com/2024/04/30/uhg-change-healthcare-ransomware-compromised-credentials-mfa/

ErikJonker,
@ErikJonker@mastodon.social avatar

@zackwhittaker How did they pass regular audits and oversight 🤔

osma,
@osma@mas.to avatar

@zackwhittaker
On the bright side - it wasn't an Internet connected database with root/root as authentication, like

  • All
  • Subscribed
  • Moderated
  • Favorites
  • random
  • kavyap
  • ngwrru68w68
  • osvaldo12
  • DreamBathrooms
  • mdbf
  • magazineikmin
  • thenastyranch
  • Youngstown
  • khanakhh
  • everett
  • slotface
  • tacticalgear
  • rosin
  • cisconetworking
  • JUstTest
  • Leos
  • GTA5RPClips
  • ethstaker
  • InstantRegret
  • cubers
  • modclub
  • Durango
  • anitta
  • tester
  • normalnudes
  • megavids
  • provamag3
  • lostlight
  • All magazines
    •