UnitedHealth Group has made a significant change in its security leadership by appointing Tim McKnight as the new Chief Information Security Officer (CISO). This decision comes eight months after a ransomware attack on its subsidiary Change Healthcare led to sustained nationwide disruptions. McKnight shared this news on LinkedIn, marking a transition from the previous CISO, Steven Martin, who assumed the role just nine months before the cyberattack. Martin has now moved into a new position as the Chief Restoration Officer at UnitedHealth Group, following his tenure as CIO and CTO at Change Healthcare and Optum.
The recent cyberattack on UnitedHealth Group involved compromised credentials to a remote access Citrix portal, resulting in the compromise of data belonging to at least 100 million individuals. This incident is considered the largest healthcare data breach ever reported to federal regulators. One critical mistake that exacerbated the attack was the failure to implement multifactor authentication on a crucial system.
While UnitedHealth Group did not confirm if the leadership change was directly linked to the ransomware attack, the company expressed enthusiasm for McKnight’s appointment and highlighted his extensive cybersecurity experience spanning over 30 years. McKnight’s impressive background includes serving as the Executive Vice President and Chief Security Officer at SAP, as well as holding security leadership positions at prominent organizations such as Thomson Reuters, GE, Fidelity Investments, and Northrop Grumman.
In a letter to the Federal Trade Commission and Securities and Exchange Commission, Senator Ron Wyden previously criticized UnitedHealth Group for appointing Martin, who lacked prior experience in a full-time cybersecurity role, as CISO. With McKnight now at the helm of the company’s cybersecurity efforts, UnitedHealth Group aims to enhance its security posture and mitigate future risks effectively.