UHG CEO Andrew Witty Testifies on Change Cyberattack

Witty appeared before both the Senate Finance Committee and the House Committee on Energy & Commerce Subcommittee on Oversight and Investigations. During the hearings, Witty responded to questions about the details of the February attack, including how Change Healthcare's cyberinfrastructure was breached, how many individual's data were impacted, and what personal information the hackers were able to access. Panel members also used the hearing as an opportunity to discuss broader policy issues, including the need for minimum cybersecurity standards across the health care industry and the risks posed by consolidation on health care competition, quality, and cybersecurity.

Lawmakers on Capitol Hill continue to investigate the cyberattack, how it could have been prevented, and the response to the attack by both UnitedHealth and the federal government. Most recently, Sens. Elizabeth Warren (D-Mass.), Bill Cassidy (R-La.), and Richard Blumenthal (D-Conn.) wrote to the Cybersecurity and Infrastructure Security Agency urging an assessment of the cybersecurity landscape leading up to, and after, the Change attack. The leaders of the House Committee on Energy & Commerce also sent a bipartisan letter to United seeking further information about the attack. "The health care system is rapidly consolidating at virtually every level, creating fewer redundancies and more vulnerability to the entire system if an entity with significant market share at any level of the system is compromised," the committee leaders wrote. "In order to understand better the steps UnitedHealth has taken to address this situation, we request information about the impact of the cyberattack, the actions the company is taking to secure its systems, and the outreach to the health care community in the aftermath.