Base Deck

Question 1

What was the date and duration of the Change Healthcare breach?

Answer 1

February 12-21, 2024 (9 days). Largest healthcare breach in U.S. history.

Question 2

What was the attack vector used in the Change Healthcare breach?

Answer 2

Compromised credentials through an unsecured Citrix portal lacking MFA (Multi-Factor Authentication)

Question 3

How much data was exfiltrated during the breach?

Answer 3

Approximately 6TB of sensitive data affecting 100 million patients and 1.6 million healthcare providers

Question 4

What percentage of U.S. health claims were affected?

Answer 4

About 40% of all U.S. health claims were impacted

Question 5

What was the total cost of the breach including ransom?

Answer 5

Exceeded $1 billion, including a $22 million ransom payment to ALPHV/BlackCat

Question 6

What operational systems were disrupted?

Answer 6

Insurance verification, claims processing, and payment operations nationwide

Question 7

What is the mnemonic for incident talking points?

Answer 7

Identify All Important Data For Response (I-A-I-D-F-R)

Question 8

Who was the ransomware group responsible?

Answer 8

ALPHV/BlackCat ransomware group

Question 9

What cybersecurity framework does UHG use?

Answer 9

NIST Cybersecurity Framework (CSF) 2.0

Question 10

What is UHG’s current NIST CSF score vs target?

Answer 10

Current: 2.1 (Repeatable), Target: 2.5 (Defined) by FY2026

Question 11

What is UHG’s weakest governance area score?

Answer 11

Governance scored 1.1, demonstrating unclear accountability and inconsistent practices

Question 12

What does UHG’s risk tolerance explicitly reject?

Answer 12

Risks jeopardizing regulatory compliance, data integrity, or patient safety

Question 13

What governance enhancements are proposed?

Answer 13

Updated cybersecurity charters, defined roles, clearer accountability structures, executive simulations, standardized escalation protocols

Question 14

What is the mnemonic for governance talking points?

Answer 14

Nurture Clear Governance; Reinforce Roles & Guidelines (N-C-G-R-R-G)

Question 15

Why was governance particularly weak post-Change Healthcare acquisition?

Answer 15

Inconsistent cybersecurity practices across subsidiaries after the acquisition integration

Question 16

When was the comprehensive security assessment conducted?

Answer 16

August 2024, six months post-breach

Question 17

What assessment methodologies were used?

Answer 17

NIST CSF and CMMI (Capability Maturity Model Integration)

Question 18

What was the asset management maturity score?

Answer 18

2.4 - lacking unified visibility across integrated entities

Question 19

What was the vulnerability management score and why?

Answer 19

1.8 due to inconsistent threat modeling and response practices

Question 20

What delayed effective incident containment?

Answer 20

Incident response processes varied across business units

Question 21

What is the target maturity rating by FY2026?

Answer 21

Maturity rating of 3 (Defined) by FY2026

Question 22

What is the mnemonic for capability assessment?

Answer 22

Assess Security And Validate Incident Remediation (A-S-A-V-I-R)

Question 23

What are the key remediation roadmap elements?

Answer 23

Standardized methodologies, automated risk assessment tools, consistent post-incident reviews

Question 24

What are the six strategic initiative categories?

Answer 24

Governance & Risk Alignment, Enhanced Asset & Data Visibility, Modernized Detection & Monitoring, Cyber Resilience & Recovery, Security Culture & Training, Integration & Third-Party Risk Management

Question 25

What identity management enhancements are planned?

Answer 25

Just-in-time access, biometric authentication, comprehensive asset inventories, standardized data classification

Question 26

What detection capabilities will be modernized?

Answer 26

AI-driven continuous monitoring for rapid threat identification and response

Question 27

What cyber resilience measures are included?

Answer 27

Immutable backups and rigorous recovery validation processes

Question 28

What is the strategic initiatives mnemonic?

Answer 28

Governance Enhancement Modernizes Controls, Secures Integrations (G-E-M-C-S-I)

Question 29

How will security culture be enhanced?

Answer 29

Robust, role-specific training programs and enhanced third-party vendor monitoring

Question 30

What is the total investment requested over three years?

Answer 30

$40.9 million over three years

Question 31

What is the CAPEX vs OPEX breakdown?

Answer 31

$9.3 million CAPEX and $31.7 million OPEX

Question 32

Which year requires the largest investment?

Answer 32

2025 is the largest investment year for substantial cybersecurity enhancements

Question 33

What is the calculated ROSI (Return on Security Investment)?

Answer 33

Exceeding 2,400% return on investment

Question 34

What percentage of total IT budget is cybersecurity spending?

Answer 34

Approximately 7% of total IT budget, aligning with industry benchmarks

Question 35

What is the budget justification mnemonic?

Answer 35

Budget Clarity Leads ROI; Counter Inaction (B-C-L-R-C-I)

Question 36

What would be the cost of inaction?

Answer 36

Potential breaches could vastly exceed the $40.9M budget request, as evidenced by the recent $1 billion impact

Question 37

What success metrics have been defined?

Answer 37

Improved NIST CSF maturity scores, specific KPIs for asset coverage, privileged access, monitoring effectiveness, and recovery validation

Question 38

What do Key Risk Indicators (KRIs) track?

Answer 38

Unresolved vulnerabilities, privileged account violations, and monitoring gaps

Question 39

What validation procedures are being implemented?

Answer 39

Standardized RTO/RPO validation procedures for robust disaster recovery

Question 40

How will compliance be documented?

Answer 40

Rigorous documentation of compliance audits and regulatory adherence

Question 41

What is the reporting frequency to stakeholders?

Answer 41

Quarterly progress updates to maintain visibility and demonstrate commitment

Question 42

What is the success measures mnemonic?

Answer 42

Data Makes Key Insights Clear (D-M-K-I-C)

Question 43

What are the six functions of NIST CSF 2.0?

Answer 43

Govern, Identify, Protect, Detect, Respond, Recover

Question 44

What does CERT-RMM stand for?

Answer 44

Computer Emergency Response Team - Resilience Management Model

Question 45

What does CMMI stand for?

Answer 45

Capability Maturity Model Integration

Question 46

What does ROSI stand for?

Answer 46

Return on Security Investment

Question 47

What ransomware group attacked Change Healthcare?

Answer 47

ALPHV/BlackCat

Question 48

When did the Change Healthcare breach occur?

Answer 48

February 12-21, 2024