UnitedHealth Group (UHG) CEO Andrew Witty recently testified before two congressional committees, whose members lambasted the private payer’s inadequate response to the Feb. 21 cyberattack on its subsidiary, Change Healthcare.
The Texas Medical Association continues to monitor the cyberattack, which disrupted payment and revenue cycle management operations across the U.S., leaving countless physician practices without income. The association also has been in touch with members of Congress regarding its ongoing impact on physicians and has advocated for meaningful relief.
During its May 1 hearing, the Senate Finance Committee focused on UHG’s size – one of the largest companies in the U.S. in terms of revenue, according to the Fortune 500 – and called for stronger cybersecurity regulations to prevent similar attacks in the future.
“[T]he Change hack is a dire warning about the consequences of ‘too big to fail’ mega-corporations gobbling up larger and larger shares of the health care system,” Chair Ron Wyden (D-Ore.) said during his opening statement, noting that UHG is the foremost purchaser of physician practices.
Ranking member Mike Crapo (R-Idaho) called on UHG and the federal government to take steps to bolster “our shared cybersecurity infrastructure.”
“We owe it to American patients and to our frontline health care providers, from health systems to clinicians and community pharmacies, to ensure that this does not, and cannot, happen again,” he said during his opening statement.
Mr. Witty apologized to those impacted by the attack and agreed with Senator Crapo about the need for more stringent cybersecurity standards. He attributed the attack, in part, to Change Healthcare’s “older legacy technology,” which UHG had yet to update since acquiring the company in October 2022, and to the lack of multi-factor authentication, a basic login security measure.
Senator Wyden also lamented the attack’s disproportionate impact on smaller practices, which “have been left holding the bag, stuffing envelopes with paper claims and unable to get straight answers on how long the outage will last,” and on patients.
The House Energy and Commerce Committee’s Oversight and Investigations Subcommittee emphasized this financial strain in its own hearing later the same day.
During questioning, U.S. Rep. Michael Burgess, MD (R-Lewisville), recent recipient of TMA’s Distinguished Service Award, confirmed with Mr. Witty that UHG continues to support impacted practices, including by offering financial assistance to alleviate cash flow problems.
“We will work with providers,” Mr. Witty responded. “So far, we have not asked anyone to repay. Providers have begun to repay. ... However, there are others who are still drawing down some of these interest-free loans, so there are others who continue to need help.”
For more information about the cyberattack, including helpful resources, check out TMA’s dedicated webpage.
Emma Freer
Associate Editor
(512) 370-1383