UnitedHealth CEO Andrew Witty to Testify Before Congress on Cyberattack

UnitedHealthcare

UnitedHealth Group CEO Andrew Witty will testify before two Congressional committees Wednesday (May 1), addressing the cyberattack that hit the company’s Change Healthcare unit.

The Senate hearing is titled “Hacking America’s Health Care: Assessing the Change Healthcare Cyber Attack and What’s Next,” while the House hearing is called “Examining the Change Healthcare Cyberattack.”

When announcing the upcoming House hearing, House Energy and Commerce Committee Chair Cathy McMorris Rodgers (R-Wash.) and Subcommittee on Oversight and Investigations Chair Morgan Griffith (R-Va.) said in an April 19 press release that they “look forward to learning more on what happened in the lead up to, and in the weeks following, the attack.”

Members of Congress are likely to consider whether UnitedHealth Group has become too big, creating a single point of failure that puts large parts of the country’s healthcare system at risk, Bloomberg reported Monday (April 29).

Witty has said that the company’s size kept the attack from being more harmful than it was, according to the report.

The cyberattack was one of the costliest ever and could reduce UnitedHealth Group’s profit by $1.6 billion this year, the report said.

However, the company has an expected annual profit of $24.7 billion and offered $6.5 billion in assistance for providers impacted by the cyberattack, per the report.

It was reported April 22 that hackers were in the networks of Change Healthcare for days before launching their ransomware strike and may have used that time to steal “significant” amounts of data.

The cyberattack left Change Healthcare with a $14 billion claims backlog at the end of March. The company had spent the previous month working to resume services after the Feb. 21 breach and had made payments of upward of $2.5 billion at that point to offer assistance to healthcare providers impacted by the disruption.

In the wake of the attack, a bill was introduced in the Senate that would provide financial incentives for healthcare providers and vendors to meet minimum cybersecurity standards. The proposed federal legislation would accelerate Medicare payments to healthcare providers that have suffered a cyberattack, if they and their vendors meet those standards.