It has been reported that new figures show that the UnitedHealth cyber attack from 2024 actually impacted 190 million Americans, which is much higher than previous reports estimated. In response to the news, Simon Phillips, CTO of SecureAck, gives his thoughts.

“Previous estimates suggested this attack impacted one in three Americans, but clearly these figures were a drop in the ocean in comparison with the reality. It now looks like one in two citizens were impacted, which undoubtedly turns the attack into the largest the world has ever experienced.

UnitedHealth also has suffered an estimated $2 billion in losses following the attack, which also makes it one of the costliest cyber incidents. This is even despite the company apparently paying the ransom demand, twice.

This should act as a warning to other organisations. Paying a ransom demand doesn’t equal exemption from the other costs and reputational damage associated with attacks. 

Firstly, as we are seeing here, there are no guarantees criminals will stick to their word, plus, paying means an organisation’s future lies in the hands of threat actors, which is a very dangerous position to be in.

This means working to defend against ransomware and improving cyber resilience must be the priority. Organisations must adopt basic cyber hygiene practices, which includes applying MFA across all accounts. They should also adopt a comprehensive back up process to ensure systems can be restored quickly, even in the face of ransomware attack.

When organisations combine a successful backup program with automated recovery, ransomware attacks become less impactful and more of a nuisance rather than a cause of destruction. 

Instead, systems can be brought back up with a few clicks, allowing business to return to normal quickly, reducing financial losses and reputational damage.”

For more cyber news, click here