
Sen. Ron Wyden Calls for Investigation of UnitedHealth Group Cyberattack

Senate Finance Committee Chair Ron Wyden, D-Ore., has called on the Biden administration to investigate the cybersecurity incident at UnitedHealth Group.

In a Thursday (May 30) letter addressed to Federal Trade Commission (FTC) Chair Lina M. Khan and Securities and Exchange Commission (SEC) Chair Gary Gensler, Wyden asked that the two agencies investigate the incident.

Wyden wrote in the letter that the incident was “completely preventable and the direct result of corporate negligence,” noting that UnitedHealth Group confirmed that a remote access server breached by the hackers was not protected with multifactor authentication (MFA).

“The cyberattack against UHG could have been prevented had UHG followed industry best practices,” Wyden wrote. “UHG’s failure to follow those best practices, and the harm that resulted, is the responsibility of the company’s senior officials including UHG’s CEO and board of directors.”

Reached by PYMNTS, UnitedHealth Group provided an emailed statement saying that the attack on the company’s Change Healthcare, like other recent cyberattacks, “underscores the need to fortify cyber defenses and strengthen resilience” and that the company looks forward to “working with policymakers and other stakeholders in helping develop strong, practical solutions.”

“The fact that the company moved quickly and effectively in response to this attack is testament to our company’s commitment to strong cybersecurity,” the statement said. “UnitedHealth Group has an experienced board with effective, broad-based skills in risk management, including cybersecurity. Members of the Audit and Finance Committee, which oversees the company’s cybersecurity program, have experience with cybersecurity and in leading organizations operating in industries facing significant cybersecurity risks.”

In an earlier response to the cyberattack on UnitedHealth Group’s Change Healthcare, Sen. Mark R. Warner, D-Va., introduced a bill in March that would accelerate Medicare payments to healthcare providers that have suffered a cyberattack, if they and their vendors meet minimum cybersecurity standards.

“The recent hack of Change Healthcare is a reminder that the entire healthcare industry is vulnerable and needs to step up its game,” Warner said at the time in a press release. “This legislation would provide some important financial incentives for providers and vendors to do so.”