United Healthcare Attack Underscores Importance of Foundational Identity Hygiene

July 19, 2024

Identity security hygiene is not a new phenomenon. Many of the largest companies in the world, including those with the largest cybersecurity budgets, have experienced the aftermath of a ransomware attack where cyber actors breached defenses by exploiting weaknesses in enterprise identity security posture. The latest victim: Change Health, the business unit of United Healthcare, which suffered a ransomware attack on February 21st.

UHC CEO Andrew Witty, testifying before the House Energy and Commerce Committee, reported that the BlackCat cybercriminal gang remotely accessed a Change Healthcare Citrix portal through compromised login-credentials that lacked MFA. The impact of this ransomware event has not been trivial: the Change Healthcare unit processes about 50% of all U.S. medical claims and the BlackCat actors exfiltrated troves of corporate data, including PHI.

This higher-profile example underscores what many in the identity security and broader info-sec community already know – namely, that continuous enforcement of the basics of identity hygiene can be exceptionally complex, especially in large hybrid organizations with remote workforces and legacy systems. MFA is not a new security control, yet even heavily regulated organizations are not able to guarantee MFA on all accounts to key systems. As Francis Odum notes in his recent report on the Identity Security market landscape, "Between having multiple Active Directories, both cloud and on-premises workloads and databases, hundreds of SaaS applications, GenAI apps, and non-human identities there is still a big need to discover, catalog, visualize, and query all identities."


We founded Hydden to help make it easier for companies to understand their identity security landscape by providing complete visibility into every identity and every account across systems.

But visibility is only part of the solution. Cybersecurity teams need to apply the same paradigm of endpoint or network vulnerability management to their identity landscape. In particular, security leaders need a way to easily extract, enrich, and operationalize all of the intelligence about human and non-human identities, accounts, and groups that exist across dispersed systems. Unfortunately, many cyber teams, including MSSPs, lack this basic visibility, and are not able to proactively get ahead of emerging identity threats.

At Hydden, we have been on the front lines of the identity security battle for years – we’ve seen the IAM world shift from a largely infrastructure and ops paradigm to a primary-point of cyber defense. Unfortunately, legacy IAM tools haven’t kept up with this shift and CISOs are reluctant to undertake massive IAM transformations (like shifting all authentication to phishing-resistant passwordless authentication) due to the cost, complexity, and personal risk if (and when) something breaks. 

Enhancing visibility while reducing operational complexity is at the core of our Hydden platform. Interested in learning more? Click here to request a demo.