UnitedHealth CISO: We had to \u2018start over\u2019 after ransomware attack<\/title> <meta name=\"description\" content=\"Steven Martin detailed the work recovering from the Change Healthcare attack, emphasizing that the mental toll was the toughest part of all.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/unitedhealth-group-steven-martin-ciso-ransomware-attack-recovery\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"UnitedHealth Group CISO: We had to \u2018start over\u2019 after Change Healthcare attack\"> <meta property=\"og:description\" content=\"Steven Martin detailed the work recovering from the Change Healthcare attack, emphasizing that the mental toll was the toughest part of all.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/unitedhealth-group-steven-martin-ciso-ransomware-attack-recovery\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2024-09-19T19:33:09+00:00\"> <meta name=\"author\" content=\"Greg Otto\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:description\" content=\"Steven Martin detailed the work recovering from the Change Healthcare attack, emphasizing that the mental toll was the toughest part of all.\"> <meta name=\"twitter:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/unitedhealth-group-ciso-we-had-to-start-over-after-change-healthcare-attack-4.jpg\"> <meta name=\"twitter:creator\" content=\"@gregotto\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1725982252g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1725466133g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1724269863g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=ada0ad45b21fc79c6694\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/81831\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.6.2\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=81831\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Funitedhealth-group-steven-martin-ciso-ransomware-attack-recovery%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Funitedhealth-group-steven-martin-ciso-ransomware-attack-recovery%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-81831 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/unitedhealth-group-steven-martin-ciso-ransomware-attack-recovery\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--event js-stickybar\">\n<div class=\"stickybar__details\" readability=\"4.952380952381\">\n<div class=\"stickybar__info js-sticky-bar-content\" readability=\"32\">\n<p>Voting is open for the 2024 CyberScoop 50 awards! <\/p>\n<\/div>\n<p> <a class=\"stickybar__link button button-tertiary\" href=\"https:\/\/cyberscoop.com\/cyberscoop50\/vote\/\">Click here!<\/a> <\/div>\n<p> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.406832298137\">\n<div class=\"single-article__header-content\" readability=\"31.717314487633\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/news\/healthcare\/\"> <span>Healthcare<\/span> <\/a> <\/li>\n<\/ul>\n<p> Steven Martin detailed the work that went into recovering from February\u2019s ransomware attack, emphasizing that the mental toll was the toughest part of all. <\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/unitedhealth-group-ciso-we-had-to-start-over-after-change-healthcare-attack.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt=\"UnitedHealth Group office building\" decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/unitedhealth-group-ciso-we-had-to-start-over-after-change-healthcare-attack-4.jpg 2100w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/unitedhealth-group-ciso-we-had-to-start-over-after-change-healthcare-attack-4.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/unitedhealth-group-ciso-we-had-to-start-over-after-change-healthcare-attack-4.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/unitedhealth-group-ciso-we-had-to-start-over-after-change-healthcare-attack-4.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/unitedhealth-group-ciso-we-had-to-start-over-after-change-healthcare-attack-4.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/unitedhealth-group-ciso-we-had-to-start-over-after-change-healthcare-attack-4.jpg?resize=2048,1365 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/unitedhealth-group-ciso-we-had-to-start-over-after-change-healthcare-attack-4.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/unitedhealth-group-ciso-we-had-to-start-over-after-change-healthcare-attack-4.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/unitedhealth-group-ciso-we-had-to-start-over-after-change-healthcare-attack-4.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/unitedhealth-group-ciso-we-had-to-start-over-after-change-healthcare-attack-4.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/unitedhealth-group-ciso-we-had-to-start-over-after-change-healthcare-attack-4.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> (Photo Courtesy of UnitedHealth Group) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"42.268682065217\"><body readability=\"84.585817060637\"><\/p>\n<p><strong>DENVER \u2014 <\/strong>UnitedHealth Group is still in the recovery process months after a ransomware attack on <a href=\"https:\/\/cyberscoop.com\/tag\/change-healthcare\/\">its Change Healthcare subsidiary<\/a>, with its chief information security officer saying the company has essentially \u201cstarted over\u201d with regard to its computer systems. <\/p>\n<p>\u201cWhen I say start over, I really, truly mean start over,\u201d Steven Martin said Thursday at the Mandiant Worldwide Information Security Exchange (mWISE). \u201cThe only thing that we kept from the old environment into the new environment was the cables. New routers, new switches, new compute infrastructure, deployed everything from a safe environment, truly started over. I felt like that was the only way that we could really ensure that we ended up with something that we could stand behind for the health care space, because it\u2019s what it deserved.\u201d <\/p>\n<p>The February attack on the UnitedHealth-owned medical payment processing company roiled U.S. health care providers and threatened some with <a href=\"https:\/\/cyberscoop.com\/ransomware-group-behind-change-healthcare-attack-goes-dark\/\">financial ruin<\/a>. A criminal group known interchangeably as ALPHV or BlackCat was responsible for the attack. Several cybercrime researchers believe the group earned <a href=\"https:\/\/cyberscoop.com\/alphv-steps-up-laundering-of-change-healthcare-ransom-payments\/\">$22 million in ransom payments<\/a> as a result. UnitedHealth Group CEO Andrew Witty <a href=\"https:\/\/cyberscoop.com\/change-healthcare-attack-stolen-data-ransom-andrew-witty-unitedhealth\/\">confirmed the $22 million figure<\/a> during a May congressional hearing. <\/p>\n<p>Martin said his team has been working to repair the damage since February, with some of that work continuing to this day. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cWe\u2019re almost complete with the restoration process, but we worked for months \u2014 particularly in those early days, incredibly long hours \u2014 to restore those services,\u201d he said. <\/p>\n<p>He further explained the work that his team, along with the help of Mandiant\u2019s incident response unit, conducted after the attack, spelling out the long, arduous recovery process that included dozens of people working 20-hour days for weeks at a time. <\/p>\n<p>\u201cYou may not be able to muscle your way through [restoration] with 20-hour days,\u201d he said. \u201cWe tried for three weeks. That doesn\u2019t work. I think you have to get yourself in the mind frame that this is more like a marathon than a sprint. Make sure that you\u2019re staffed in a way that allows you to get all the way through that event in a really, really thoughtful way, because you\u2019re going to make hundreds of decisions.\u201d <\/p>\n<p>Martin chronicled some of those decisions on the conference stage, including those that weren\u2019t directly related to the recovery process. <\/p>\n<p>\u201cIf your playbook for running [incident response] only includes dealing with the incident itself, you\u2019re missing a lot of surface area.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>One particular area Martin concentrated on was communications, constantly staying in touch with customers and other CISOs about UnitedHealth\u2019s recovery process. <\/p>\n<p>\u201cWe did a public call across the industry where we outlined what had happened, and we outlined what we were doing,\u201d he said. \u201cWe did those meetings multiple times a week in the beginning, and getting on those calls and taking those questions in an open forum was tough, but it was the right thing to do. I don\u2019t know how many calls I ended up taking. I don\u2019t know how many text messages I ended up responding to. There was a lot, but I tried to be as available as I possibly could.\u201d <\/p>\n<p>Martin emphasized the importance of monitoring the mental health of recovery team members. Due to the high pressure of restoring normal business operations, he ensured health professionals and counselors were available for the dozens of staff involved in the recovery process.<\/p>\n<p>\u201cLife happens during these events,\u201d he said. \u201cYou have to acknowledge it, and you partner with the people that you\u2019re working with so, so, so intensely. And there\u2019s a bond that forms there with those folks and that you get to a point where you\u2019re looking each other in the eyes, and you\u2019re asking that critical question, \u2018Are you OK?\u2019\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"4.3537284894837\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/unitedhealth-group-ciso-we-had-to-start-over-after-change-healthcare-attack-1.jpg?w=640&ssl=1\" alt=\"Greg Otto\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Greg Otto<\/h4>\n<p> Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for the website. Greg has led cybersecurity coverage that has won various awards, including accolades from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to joining Scoop News Group, Greg worked for the Washington Business Journal, U.S. News & World Report and WTOP Radio. He has a degree in broadcast journalism from Temple University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<div class=\"popular-stories__stories\">\n<div class=\"popular-stories__cards\">\n<article class=\"post-item post-item--popular-stories-cards \" readability=\"20.65963060686\">\n<figure class=\"post-item__thumbnail\"> <a class=\"post-item__thumbnail-link\" href=\"https:\/\/cyberscoop.com\/senate-homeland-security-streamlining-cyber-regulations-bills\/\" tabindex=\"-1\"> <img data-recalc-dims=\"1\" loading=\"lazy\" width=\"600\" height=\"331\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/unitedhealth-group-ciso-we-had-to-start-over-after-change-healthcare-attack.png?resize=600%2C331&ssl=1\" class=\"attachment-ratio-16-9-md size-ratio-16-9-md wp-post-image\" alt decoding=\"async\" loading=\"lazy\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/unitedhealth-group-ciso-we-had-to-start-over-after-change-healthcare-attack-1.png 2750w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/unitedhealth-group-ciso-we-had-to-start-over-after-change-healthcare-attack-1.png?resize=300,166 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/unitedhealth-group-ciso-we-had-to-start-over-after-change-healthcare-attack-1.png?resize=768,424 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/unitedhealth-group-ciso-we-had-to-start-over-after-change-healthcare-attack-1.png?resize=1024,565 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/unitedhealth-group-ciso-we-had-to-start-over-after-change-healthcare-attack-1.png?resize=1536,848 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/unitedhealth-group-ciso-we-had-to-start-over-after-change-healthcare-attack-1.png?resize=2048,1130 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/unitedhealth-group-ciso-we-had-to-start-over-after-change-healthcare-attack-1.png?resize=600,331 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/unitedhealth-group-ciso-we-had-to-start-over-after-change-healthcare-attack-1.png?resize=1200,662 1200w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/unitedhealth-group-ciso-we-had-to-start-over-after-change-healthcare-attack-1.png?resize=1500,828 1500w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\"> <\/a><figcaption class=\"screen-reader-text\"> Sen. Gary Peters, D-Mich., holds a Senate Homeland Security and Governmental Affairs business meeting on July 31, 2024, in Washington, D.C. (Screenshot) <\/figcaption><\/figure>\n<header class=\"post-item__meta\" readability=\"2.4247787610619\">\n<h3 class=\"post-item__title\"> <a class=\"post-item__title-link\" href=\"https:\/\/cyberscoop.com\/senate-homeland-security-streamlining-cyber-regulations-bills\/\"> Cyber bills on federal regs, health security and workforce clear Senate panel <\/a> <\/h3>\n<p> Committee members voted 10-1 to advance all three bipartisan pieces of legislation, setting the stage for full Senate consideration. <\/p>\n<div class=\"post-item__byline\"> <span class=\"post-item__author\"> <span>By <\/span> <a class=\"post-item__author-link\" href=\"https:\/\/cyberscoop.com\/author\/matt-bracken\/\"> Matt Bracken <\/a> <\/span> <\/div>\n<p> <\/header>\n<p> <\/article>\n<article class=\"post-item post-item--popular-stories-cards \">\n<figure class=\"post-item__thumbnail\"> <a class=\"post-item__thumbnail-link\" href=\"https:\/\/cyberscoop.com\/scotus-social-media-platforms-content-moderation-cases\/\" tabindex=\"-1\"> <img data-recalc-dims=\"1\" loading=\"lazy\" width=\"252\" height=\"168\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/unitedhealth-group-ciso-we-had-to-start-over-after-change-healthcare-attack-2.jpg?resize=252%2C168&ssl=1\" class=\"attachment-ratio-16-9-sm size-ratio-16-9-sm wp-post-image\" alt decoding=\"async\" loading=\"lazy\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/unitedhealth-group-ciso-we-had-to-start-over-after-change-healthcare-attack-5.jpg 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/unitedhealth-group-ciso-we-had-to-start-over-after-change-healthcare-attack-5.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/unitedhealth-group-ciso-we-had-to-start-over-after-change-healthcare-attack-5.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/unitedhealth-group-ciso-we-had-to-start-over-after-change-healthcare-attack-5.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/unitedhealth-group-ciso-we-had-to-start-over-after-change-healthcare-attack-5.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/unitedhealth-group-ciso-we-had-to-start-over-after-change-healthcare-attack-5.jpg?resize=505,337 505w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/unitedhealth-group-ciso-we-had-to-start-over-after-change-healthcare-attack-5.jpg?resize=1012,675 1012w\" sizes=\"auto, (max-width: 252px) 100vw, 252px\"> <\/a><figcaption class=\"screen-reader-text\"> Robert F. Kennedy, Jr. holds a presidential campaign event on Aug. 30, 2023 in Brooklyn. A lawsuit from Kennedy challenges the government\u2019s role in the removal of his own COVID-related posts. (Photo by Spencer Platt\/Getty Images) <\/figcaption><\/figure>\n<header class=\"post-item__meta\">\n<h3 class=\"post-item__title\"> <a class=\"post-item__title-link\" href=\"https:\/\/cyberscoop.com\/scotus-social-media-platforms-content-moderation-cases\/\"> Pair of lawsuits seek to revive fight over alleged censorship campaigns <\/a> <\/h3>\n<div class=\"post-item__byline\"> <span class=\"post-item__author\"> <span>By <\/span> <a class=\"post-item__author-link\" href=\"https:\/\/cyberscoop.com\/author\/madison-alder\/\"> Madison Alder <\/a> <a class=\"post-item__author-link\" href=\"https:\/\/cyberscoop.com\/author\/derek-johnson\/\"> Derek B. Johnson <\/a> <\/span> <\/div>\n<p> <\/header>\n<p> <\/article>\n<article class=\"post-item post-item--popular-stories-cards \">\n<figure class=\"post-item__thumbnail\"> <a class=\"post-item__thumbnail-link\" href=\"https:\/\/cyberscoop.com\/picketed-at-work-confronted-at-church-why-election-workers-have-left-the-job\/\" tabindex=\"-1\"> <img data-recalc-dims=\"1\" loading=\"lazy\" width=\"252\" height=\"168\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/unitedhealth-group-ciso-we-had-to-start-over-after-change-healthcare-attack-3.jpg?resize=252%2C168&ssl=1\" class=\"attachment-ratio-16-9-sm size-ratio-16-9-sm wp-post-image\" alt decoding=\"async\" loading=\"lazy\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/unitedhealth-group-ciso-we-had-to-start-over-after-change-healthcare-attack-6.jpg 4000w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/unitedhealth-group-ciso-we-had-to-start-over-after-change-healthcare-attack-6.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/unitedhealth-group-ciso-we-had-to-start-over-after-change-healthcare-attack-6.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/unitedhealth-group-ciso-we-had-to-start-over-after-change-healthcare-attack-6.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/unitedhealth-group-ciso-we-had-to-start-over-after-change-healthcare-attack-6.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/unitedhealth-group-ciso-we-had-to-start-over-after-change-healthcare-attack-6.jpg?resize=2048,1366 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/unitedhealth-group-ciso-we-had-to-start-over-after-change-healthcare-attack-6.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/unitedhealth-group-ciso-we-had-to-start-over-after-change-healthcare-attack-6.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/unitedhealth-group-ciso-we-had-to-start-over-after-change-healthcare-attack-6.jpg?resize=505,337 505w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/unitedhealth-group-ciso-we-had-to-start-over-after-change-healthcare-attack-6.jpg?resize=1012,675 1012w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/09\/unitedhealth-group-ciso-we-had-to-start-over-after-change-healthcare-attack-6.jpg?resize=1264,843 1264w\" sizes=\"auto, (max-width: 252px) 100vw, 252px\"> <\/a><figcaption class=\"screen-reader-text\"> Protesters call for a \u201cforensic audit\u201d of the 2020 presidential election, during a demonstration by a group called Election Integrity Fund and Force, outside of the Michigan State Capitol in Lansing on Oct. 12, 2021. (Photo by JEFF KOWALSKY\/AFP via Getty Images) <\/figcaption><\/figure>\n<header class=\"post-item__meta\">\n<h3 class=\"post-item__title\"> <a class=\"post-item__title-link\" href=\"https:\/\/cyberscoop.com\/picketed-at-work-confronted-at-church-why-election-workers-have-left-the-job\/\"> Picketed at work, confronted at church: Why election workers have left the job <\/a> <\/h3>\n<div class=\"post-item__byline\"> <span class=\"post-item__author\"> <span>By <\/span> <a class=\"post-item__author-link\" href=\"https:\/\/cyberscoop.com\/author\/derek-johnson\/\"> Derek B. Johnson <\/a> <\/span> <\/div>\n<p> <\/header>\n<p> <\/article>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Geopolitics<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/unitedhealth-group-steven-martin-ciso-ransomware-attack-recovery\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>UnitedHealth CISO: We had to \u2018start over\u2019 after ransomware attack<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1603,224,46,288],"tags":[1605,232,54,294],"class_list":["post-5387","post","type-post","status-publish","format-standard","hentry","category-change-healthcare","category-healthcare","category-ransomware","category-threats","tag-change-healthcare","tag-healthcare","tag-ransomware","tag-threats"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/change-healthcare\/\" rel=\"category tag\">Change Healthcare<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/healthcare\/\" rel=\"category tag\">Healthcare<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ransomware\/\" rel=\"category tag\">ransomware<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a>","tag_info":"Threats","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/5387","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=5387"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/5387\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=5387"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=5387"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=5387"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":5387,"date":"2024-09-19T14:33:09","date_gmt":"2024-09-19T19:33:09","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=81831"},"modified":"2024-09-19T14:33:09","modified_gmt":"2024-09-19T19:33:09","slug":"unitedhealth-group-ciso-we-had-to-start-over-after-change-healthcare-attack","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/09\/19\/unitedhealth-group-ciso-we-had-to-start-over-after-change-healthcare-attack\/","title":{"rendered":"UnitedHealth Group CISO: We had to \u2018start over\u2019 after Change Healthcare attack"},"content":{"rendered":"