RELEVANT - CURRENT - ACTIONABLE

In February of this year, following a cybersecurity incident at Change Healthcare, RedSense reviewed its telemetry data for indicators of adversary activity and tactics. We detected traffic that suggested a technology vendor and a recently reported vulnerability might be involved. We are pleased to announce that, after a thorough investigation by the vendor, United Health Group, forensic experts, and law enforcement, the vendor ultimately determined that its product was not the source of vulnerability in the Change Healthcare incident. We commend the vendor for their dedication to security and efforts to clear their solution from suspicion. This demonstrates the humility and transparency that all technology vendors should aspire to. We appreciate their updates, which allowed us to remove public comments suggesting their technology was potentially misused in the attack.