Threat actors used stolen credentials to access UnitedHealth systems, which lacked Multi-Factor Authentication (MFA).
United Healthcare Hack Causes Over $1B in Damages
Over one-third of Americans impacted by this data breach, caused by lack of MFA.
What is the attack?
Following successful access, the threat actors moved laterally, exfiltrated sensitive data, and ultimately deployed ransomware, severely disrupting the operations of healthcare providers.
Why did it get through?
Enterprises lack the ability to perform real-time analysis and correlation of user behavior across interconnected environments to identify anomalies effectively.
Logs are large, with too many false positives for a SIEM to monitor in isolation.
What is required to solve for this attack?
Identity- and risk-based solutions that monitor account activity logs.
Behavioral User/Human detection.
Multi-event detection, so that the solution is effective without false positives.
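
The multi-event idea above, as an added example (not code from the original page): an identity is flagged only when at least two independent risk signals fall inside one time window, so a single noisy event does not alert on its own. The event fields, thresholds, baseline and sample events are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

GB = 1024**3
WINDOW = timedelta(hours=24)   # assumed correlation window
HOST_FANOUT = 3                # assumed: distinct hosts that suggest lateral movement
EGRESS_BYTES = 5 * GB          # assumed: outbound volume that suggests bulk transfer

# Constructed sample events (not real logs); field names are assumptions.
EVENTS = [
    {"ts": "2024-01-10T02:00:00", "user": "svc_backup", "type": "transfer", "bytes": 8 * GB},
    {"ts": "2024-01-10T09:00:00", "user": "alice", "type": "login", "src": "203.0.113.7", "mfa": False},
    {"ts": "2024-01-10T03:00:00", "user": "jdoe", "type": "login", "src": "198.51.100.9", "mfa": False},
    {"ts": "2024-01-10T03:20:00", "user": "jdoe", "type": "host", "host": "app01"},
    {"ts": "2024-01-10T03:40:00", "user": "jdoe", "type": "host", "host": "db02"},
    {"ts": "2024-01-10T04:10:00", "user": "jdoe", "type": "host", "host": "fs03"},
    {"ts": "2024-01-10T05:00:00", "user": "jdoe", "type": "transfer", "bytes": 6 * GB},
]
# Constructed baseline of source addresses previously seen per identity.
KNOWN_SOURCES = {"jdoe": {"192.0.2.10"}, "alice": {"192.0.2.11"}, "svc_backup": set()}

def window_signals(evts, baseline):
    """Return the set of distinct risk signals present in one window of events."""
    sig, hosts, sent = set(), set(), 0
    for e in evts:
        if e["type"] == "login" and not e["mfa"] and e["src"] not in baseline:
            sig.add("no_mfa_new_source")
        elif e["type"] == "host":
            hosts.add(e["host"])
        elif e["type"] == "transfer":
            sent += e["bytes"]
    if len(hosts) >= HOST_FANOUT:
        sig.add("host_fanout")
    if sent >= EGRESS_BYTES:
        sig.add("bulk_egress")
    return sig

def correlate(events, known_sources, min_signals=2):
    """Alert per identity only if min_signals distinct signals share one window."""
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append({**e, "t": datetime.fromisoformat(e["ts"])})
    alerts = {}
    for user, evts in by_user.items():
        base = known_sources.get(user, set())
        # Try a window starting at each event and keep the richest signal set.
        windows = ([e for e in evts if s["t"] <= e["t"] <= s["t"] + WINDOW] for s in evts)
        best = max((window_signals(w, base) for w in windows), key=len)
        if len(best) >= min_signals:
            alerts[user] = sorted(best)
    return alerts
```

With the sample data only `jdoe` is flagged; the backup job's large transfer and `alice`'s single login without MFA each produce one signal and stay below the threshold.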