Senators criticize UnitedHealth CEO over cyber attack

Several lawmakers questioned whether the company had grown so large — with tentacles into every aspect of the nation's medical care — that the hack's effects were out of proportion. During a tense Senate hearing Wednesday, lawmakers sharply criticized UnitedHealth Group's handling of the cyberattack that crippled the U.S. health care system , citing the failure of its security systems and the potential disclosure of the sensitive medical information of millions of Americans.

Democratic and Republican senators questioned whether the cyberattack of Change Healthcare, which handles a third of all U.S. patient records and some 15 billion transactions a year, was so large because UnitedHealth is too deeply embedded in nearly every aspect of the nation's medical care.

< p class="css-at9mc1 evys1bk0">UnitedHealth Group, which reported 2023 revenue of $372 billion and is one of the nation's largest companies, is not only the parent company of Change, but also the parent company of the nation's largest health insurer and a large pharmacy benefits manager (OptumRx). United also supervises nearly one in 10 doctors in the country. too big to fail. increasingly larger shares of the health care system," said Sen. Ron Wyden, Democrat of Oregon and chairman of the Finance Committee.

The health system American health care was pushed into chaos after the Feb. 21 attack on Change, which serves as a digital highway between health insurers, hospitals and doctors. Patients couldn't fill their prescriptions, and hospitals and doctors faced a severe cash crunch because they couldn't get paid for their care.

Lawmakers in Congress have demanded more information about how the hack happened and what UnitedHealth was doing to fix it, and the company last month declined a request to appear before the House subcommittee. health of the House. On Wednesday, UnitedHealth CEO Andrew Witty was summoned to testify before the Senate Finance Committee and before a panel of the House Energy and Commerce Committee.

In the afternoon, House lawmakers voiced concerns, especially given the company's enormous scale. Describing UnitedHealth's "increasing intrusion into every corner of our health care system," Rep. Cathy McMorris Rodgers, Republican of Washington and chairwoman of the House committee, said the company's actions were likely to become “a case study of poor crisis management”. /p>

In the morning, Mr. Witty defended the company's efforts to restore services and apologized.

"As a result of this malicious cyberattack, patients and providers have experienced disruption and people are worried about their private health data,” he said. “To everyone affected, let me be very clear: I am deeply, deeply sorry. network, including an inadequate backup plan, and admitted that United had failed in its initial efforts to help cover supplier payments.

Last week, United began revealing that the hackers did indeed have access to some patient data, although Mr. Witty told senators that it would be some time before the company had a clear idea of ​​the scale of this information breach on patients.

Mr. Wyden specifically expressed frustration with how little information United had provided to consumers. “The Americans still don’t know how much sensitive information was stolen from them,” he added. He dismissed the company's efforts to provide credit monitoring, calling them "thoughts and prayers in the event of a data breach."

He also noted concern over the disclosure of sensitive medical data on active military personnel covered by the company, calling it a "clear threat to national security."

Mr. Witty said UnitedHealth is working with regulators to determine when and how to begin communicating with affected individuals.

"We want to try to avoid piecemeal communication," Witty said. he declared. .

Unit...