Monday, May 13, 2024

More info emerges on the UnitedHealth cyber incident

None of it is good for UnitedHealth.  Multiple rookie security failures - including no use of multi-factor authentication for remote login, no network segmentation, and no internal security threat hunting. 

I don't know if there will be lawsuits over this, but this is all basically indefensible.  After all, they are a healthcare provider, and HIPAA/HITECH mandates all of this.

1 comment:

Igor said...

Oh, I'm frickkin' sure they will whitewash all their sins because they are Too Big To Fail - read: we donate a LOT of money to politicians!