Close Menu
TechTost
  • AI
  • Apps
  • Crypto
  • Fintech
  • Hardware
  • Media & Entertainment
  • Security
  • Startups
  • Transportation
  • Venture
  • Recommended Essentials
What's Hot

Meta enters the crowded AI coding fray with Muse Spark 1.1

Elon Musk says X will send DMs when posts you’ve interacted with are fixed

AI chip maker SambaNova raises $1 billion at $11 billion valuation, 5 months after last mega round

Facebook X (Twitter) Instagram
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms and Conditions
  • Disclaimer
Facebook X (Twitter) Instagram
TechTost
Subscribe Now
  • AI

    Meta enters the crowded AI coding fray with Muse Spark 1.1

    13 July 2026

    Can AI answer the $3 trillion question?

    12 July 2026

    OpenAI shuts down Atlas, but AI browser ambitions keep growing

    12 July 2026

    OpenAI bets on families as ChatGPT goes deeper into households

    11 July 2026

    Meta removes controversial AI feature on Instagram after backlash

    11 July 2026
  • Apps

    Elon Musk says X will send DMs when posts you’ve interacted with are fixed

    13 July 2026

    ‘Slow-cial’ Roost app forces you to slow down to the speed of a carrier pigeon

    12 July 2026

    Character.AI is entering the micro-drama arena with its own productions, but there’s a twist

    12 July 2026

    A new app, HyperTexting, turns the open web into a social media scrolling-like stream

    11 July 2026

    Apple is suing OpenAI for alleged trade secret theft

    11 July 2026
  • Crypto

    Venice AI goes unicorn with $65M Series A as first privacy AI platform takes off

    1 July 2026

    Crypto Exchange OKX wants AI agents to hire and pay each other

    30 June 2026

    Startup Battlefield 200 applications close today

    27 May 2026

    5 days left: Save up to $410 on Disrupt 2026 passes

    25 May 2026

    As crypto cools, a16z crypto raises $2.2 billion in capital

    6 May 2026
  • Fintech

    Don’t want to invest in Elon Musk? Two new ETFs expressly exclude him

    10 July 2026

    India’s payments chief believes artificial intelligence will play a big part in the next era of digital payments development

    28 June 2026

    Early Bird pricing ends tonight for the Founder Summit

    26 June 2026

    4 days left to save up to $190 on Founder Summit 2026

    23 June 2026

    Robinhood’s note on 10% layoffs shows that blaming AI doesn’t cut it

    17 June 2026
  • Hardware

    Meta’s new AI chips will begin production in September

    12 July 2026

    This slush machine was a lifesaver during the New York heat wave

    12 July 2026

    Dumb Co dared me to exchange my iPhone for a hacked phone

    11 July 2026

    SK Hynix raises $26.5 billion in largest foreign public IPO in US history, set to build new fabs in US

    11 July 2026

    After Apple, smartphone manufacturing boom in India enters new phase with Vivo JV

    10 July 2026
  • Media & Entertainment

    Netflix could be planning “always on” live TV channels.

    11 July 2026

    Netflix is ​​dealing with shorter video content with its new set of publisher deals with Variety and others

    8 July 2026

    Netflix invented binge watching. Now he may be over it.

    7 July 2026

    New Google ad imagines a Declaration of Independence written with the help of artificial intelligence

    4 July 2026

    Cloudflare’s new policy pushes AI companies to pay for publishers’ content

    1 July 2026
  • Security

    US cybersecurity agency CISA had to create the incident guide during the incident, the agency reveals

    11 July 2026

    Florida ransomware dealer convicted of helping ransomware gang extort US companies

    10 July 2026

    Hacktivists call out Trump by hacking and defacing US military websites

    8 July 2026

    Canada’s spy agency says it hacked drug traffickers, extremists and a ransomware gang last year

    6 July 2026

    Politician who investigated abuses of wiretapping software on his phone with Pegasus spyware

    3 July 2026
  • Startups

    AI chip maker SambaNova raises $1 billion at $11 billion valuation, 5 months after last mega round

    12 July 2026

    Hot French startup ZML releases free product to speed up inference on multiple AI chips

    12 July 2026

    Former OpenAI executive Kevin Weil is now on Stoke Space’s board

    11 July 2026

    Phia Accused of ‘Cookie Stuffing’, Taking Affiliate Credit for Unearned Purchases

    11 July 2026

    Oratomic raises $300M to build sustainable quantum computer that only needs 20,000 qubits

    10 July 2026
  • Transportation

    TechCrunch Mobility: A robotaxi ultimatum

    12 July 2026

    Slate Auto partners with Crayola to paint its EV truck

    10 July 2026

    Autonomous drone delivery startup Manna plans major US expansion

    9 July 2026

    Federal authorities are demanding that autonomous vehicle companies stop interfering with first responders

    9 July 2026

    Another massive data breach exposed millions of driver’s license numbers

    8 July 2026
  • Venture

    Filed Under: College Fizz App Accuses VC Of Sharing Confidential Startup Info With Rival Sidechat

    11 July 2026

    Charles Hudson shares the common mistakes he’s seen after investing in 500+ startups

    10 July 2026

    Nandan Nilekani steps down as GP at Fundamentum as it launches third $200m fund

    9 July 2026

    What are bending spoons? The little-known owner of AOL and Vimeo who is now public

    5 July 2026

    After $18B IPO, Bending Spoons Founder Says Success Comes From Minimizing Luck

    2 July 2026
  • Recommended Essentials
TechTost
You are at:Home»Security»The UnitedHealth data breach should be a wake-up call for the UK and the NHS
Security

The UnitedHealth data breach should be a wake-up call for the UK and the NHS

techtost.comBy techtost.com3 May 202406 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Email
The Unitedhealth Data Breach Should Be A Wake Up Call For
Share
Facebook Twitter LinkedIn Pinterest Email

The ransomware attack which has engulfed the US health insurance giant UnitedHealth Group and its technology subsidiary Change of Health is a data privacy nightmare for millions of US patients, with CEO Andrew Witty confirming this week that it could affect up to a third of the country.

But it should also serve as a wake-up call to countries everywhere, including the UK where UnitedHealth is now trading through its recent acquisition of a company that manages data belonging to millions of NHS (National Health Service) patients.

As one of the largest healthcare companies in the USUnitedHealth is well-known domestically, intersecting with every aspect of the health care industry, from insurance and billing and winding up to physician and pharmacy networks — it’s a $500 billion juggernaut and the world’s 11th largest company by revenue. But in the UK, UnitedHealth is practically unknown, largely because it didn’t have much business across the pond — until six months ago.

After a 16-month regulatory process expires in October, UnitedHealth subsidiary Optum UK, through a subsidiary called Bordeaux UK Holdings II Limited, finally took ownership of EMIS Health in a $1.5 billion deal. EMIS Health provides software that connects doctors with patients, allowing them to book appointments, order repeat prescriptions and more. One of these services is Patient accesswhich claims about 17 million registered users who collectively made 1.4 million family doctor appointments through the app last year and ordered north of 19 million repeat prescriptions.

There is nothing to suggest that UK patient data is at risk here — these are different subsidiaries, with different arrangements, under different jurisdictions. But in his Senate testimony Wednesday, Witty blamed the hack on the fact that UnitedHealth acquired Change Healthcare in 2022it hadn’t updated its systems — and within those systems was a server that didn’t have multi-factor authentication (MFA) enabled.

We know that hackers stole health data using “compromised credentials” to gain access to a Change Healthcare Citrix portal that was intended for employees to access internal networks remotely. Incredibly, Witty said the company was still working to figure out why MFA wasn’t enabled two months after the attack. This does not inspire much confidence in UK healthcare professionals and patients using EMIS Health under its new owners.

This is not an isolated case.

Separately this week, 25-year-old hacker Aleksanteri Kivimäki he was imprisoned for more than six years for infiltrating a company called Vastaamo in 2020, stealing healthcare data belonging to thousands of Finnish patients and attempting to extort and blackmail both the company and the affected patients.

Whether or not ransomware attacks prove successful, they are ultimately lucrative – payouts to perpetrators reportedly doubled to more than $1 billion in 2023, a record year by many accounts. During his testimony, Witty confirmed Earlier reports that UnitedHealth paid a $22 million ransom to its hackers.

Health data as a valuable commodity

However, the biggest takeaway from all of this is that personal data – particularly health data – is a huge global commodity and should be protected accordingly. However, we continue to see incredibly poor cyber hygiene, which should concern everyone.

As TechCrunch wrote a few months ago, it’s becoming increasingly difficult to access even the most basic form of healthcare in the government-funded NHS without agreeing to give private companies access to your data — whether it’s a multinational or a multibillion-dollar business dollars -under startup support.

There may be legitimate business and practical reasons why partnering with the private sector makes sense, but the reality is that such partnerships increase the attack surface that bad actors can target—regardless of the obligations, policies, and promises they make. may have a company.

Many UK GP surgeries now require patients to use third-party friction software to book appointments, and unless you go through the fine print of privacy policies with a fine-toothed comb, it’s often unclear who the patient is really dealing with.

Digging into Privacy Policy a triaging service provider is called Health Pads, which says it supports over 10 million patients across the NHS, reveals it is merely the data “sub-processor” responsible for developing and maintaining the software. The primary data processor contracted to provide the service is in fact compete with the support of stocks the company called Advancedwho was hit by a ransomware attack two years ago, forcing NHS services offline. Similar to the UnitedHealth attack, legitimate credentials were used to access a Citrix server.

You don’t have to squint to see the parallels between what happened with UnitedHealth and what could happen in the UK with the myriad private companies entering into partnerships with the NHS.

Finland also serves as a cautionary reminder as the NHS creeps deeper into the private sphere. Compiled one from the biggest crimes ever committed in the country, the Vastaamo data breach arose after Finland’s public healthcare system subcontracted a now-defunct private psychotherapy company. Aleksanteri Kivimäki infiltrated an insecure database of Vastaamo, and after Vastaamo refused to pay a €450,000 Bitcoin ransom, Kivimäki attempted to extort thousands of patients by threatening to issue personal treatment notes.

In the ensuing investigation, it was found that Vastaamo had completely inadequate security procedures in place. His patient database was exposed on the open internet, including unencrypted sensitive data such as contact information, social security numbers and therapists’ notes. The Finnish data protection ombudsman taking into consideration The most likely cause of the breach was an “unsecured MySQL port to the database”, where the root user account was not password protected. This account allowed unbridled access to the database from any IP address and the server had no firewall.

In the UK, there have been strong concerns about how the NHS opens up access to data. The most high-profile partnership came just last year, when Peter Thiel-backed big data analytics firm Palantir was awarding huge contracts by NHS England to help it move to a new Federal Data Platform (FDP) — far towards chagrin of doctors and data privacy advocates across the country.

But everything seems somewhat inevitable. Privacy advocates scream and shout, but big, cash-strapped companies continue to get the keys to sensitive data belonging to millions of people. Promises are made, assurances are given, processes are in place — then someone forgets to set up basic MFA or leaves an encryption key under the doormat and it all blows up.

Rinse and repeat.

breach Call Change of Health data NHS UnitedHealth UnitedHealth Group wakeup
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleHyundai spends nearly $1 billion to keep self-driving startup Motional alive
Next Article Apple iPad Event: What to Expect
bhanuprakash.cg
techtost.com
  • Website

Related Posts

US cybersecurity agency CISA had to create the incident guide during the incident, the agency reveals

11 July 2026

Florida ransomware dealer convicted of helping ransomware gang extort US companies

10 July 2026

Another massive data breach exposed millions of driver’s license numbers

8 July 2026
Add A Comment

Leave A Reply Cancel Reply

Don't Miss

Meta enters the crowded AI coding fray with Muse Spark 1.1

13 July 2026

Elon Musk says X will send DMs when posts you’ve interacted with are fixed

13 July 2026

AI chip maker SambaNova raises $1 billion at $11 billion valuation, 5 months after last mega round

12 July 2026
Stay In Touch
  • Facebook
  • YouTube
  • TikTok
  • WhatsApp
  • Twitter
  • Instagram
Fintech

Don’t want to invest in Elon Musk? Two new ETFs expressly exclude him

10 July 2026

India’s payments chief believes artificial intelligence will play a big part in the next era of digital payments development

28 June 2026

Early Bird pricing ends tonight for the Founder Summit

26 June 2026
Startups

AI chip maker SambaNova raises $1 billion at $11 billion valuation, 5 months after last mega round

Hot French startup ZML releases free product to speed up inference on multiple AI chips

Former OpenAI executive Kevin Weil is now on Stoke Space’s board

© 2026 TechTost. All Rights Reserved
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms and Conditions
  • Disclaimer

Type above and press Enter to search. Press Esc to cancel.