UnitedHealth’s CEO Slammed Over Cyberattack

Mr. Wyden talked about that UnitedHealth had didn’t implement most likely probably the most main sort of cybersecurity measure — so-called multifactor authentication.

Mr. Witty talked about that as of Wednesday, all of UnitedHealth’s “external-facing packages” have been deploying that sort of authentication. The company had moreover launched in exterior groups to do additional scanning of the company’s know-how, he added, and had employed Mandiant, a cybersecurity company, as an adviser.

“That’s some main stuff that was missed,” Senator Thom Tillis, Republican of North Carolina, talked about, holding up a reproduction of the information “Hacking for Dummies.”

The listening to gave Mr. Witty the likelihood to produce a additional detailed timeline of the hack and the response to it.

The cybercriminals gained entry to Change’s packages on Feb. 12, 9 days sooner than UnitedHealth realized it needed to shut them down. Mr. Witty emphasised that the company shortly prevented the assault from spreading previous Change to the dad or mum agency or any of its completely different fashions, like Optum or the properly being insurer. “We contained the blast range merely to Change,” he talked about.