Senator Ron Wyden (D-Ore.), Chairman of the Senate Finance Committee, has called on the Federal Trade Commission (FTC) and the Securities and Exchange Commission (SEC) to investigate what he calls “negligent cybersecurity practices” that led to a February ransomware attack on UnitedHealth Group (NYSE: UNH).
The attack on the company's Change Healthcare unit affected its ability to pay service providers. It was also reported that UnitedHealth paid a $22 million ransom to the hackers.
“This incident and the damage it caused, like so many other security breaches, was entirely preventable and is a direct result of corporate negligence,” Wyden wrote in a May 30 letter to FTC Chairwoman Lina Khan and SEC Chairman Gary Gensler. “UHG has publicly confirmed that the hackers gained their initial foothold by logging into a remote access server that was not protected by multi-factor authentication.”
He noted that the FTC has asked companies in other industries to require multi-factor authentication.
Wyden argued that UnitedHealth is likely guilty of other cybersecurity lapses. “Hackers gaining access to a single server for remote access should not result in a ransomware infection so severe that a company has to rebuild its digital infrastructure from scratch. UHG did not disclose how the hackers gained administrative privileges and moved horizontally from that first server to the rest of the company's technological infrastructure.”
The senator added that the head of the company's information security office, Steven Martin, is likely unqualified for the position because he had never held a full-time cybersecurity position before being appointed to lead cybersecurity in June 2023.
Wyden concluded by saying that the cyberattack could have been prevented if UnitedHealth (UNH) had followed cybersecurity best practices.