None of it is good for UnitedHealth. Multiple rookie security failures - including no use of multi-factor authentication for remote login, no network segmentation, and no internal security threat hunting.
I don't know if there will be lawsuits over this, but this is all basically indefensible. After all, they are a healthcare provider, and HIPAA/HITECH mandates all of this.
Oh, I'm frickkin' sure they will whitewash all their sins because they are Too Big To Fail - read: we donate a LOT of money to politicians!
ReplyDelete