UnitedHealth had two days to prevent this attack and did nothing?
Per Congressman Gallego’s letter:
“It appears that this attack is related to a vulnerability discovered in the ScreenConnect app from ConnectWise, which is used for remote access for services such as IT support. Once ConnectWise discovered the vulnerability, it released a security fix on Monday, February 19th – two days prior to the first bulletin of a cyber security incident from Change Healthcare.
While it is not publicly known if Change Healthcare attempted to implement the security fix, the two-day window between the public disclosure of the vulnerability, rated as critical when first reported by ConnectWise, and when that vulnerability was exploited is extremely concerning.”
https://rubengallego.house.gov/imo/media/doc/22724unitedhealthcyberattackletter.pdf