Lawmakers grill UnitedHealth CEO on Change cyberattack: ‘Your company let the country down’

On Wednesday, UnitedHealth CEO Andrew Witty appeared before Congress to answer for what lawmakers called a “single attack [that] kicked off a cascading series of crises that are unmasking some deep vulnerabilities in the core of our health care system”: the February Change Healthcare cyberattack that is still disrupting payment processing across the country.

Senators repeatedly interrupted Witty, trying to keep him to concrete answers and promises. Lawmakers on both sides of the aisle were exasperated with UnitedHealth. At one point, Sen. Thom Tillis (R-N.C.) held up a fifth-edition copy of “Hacking for Dummies” during the hearing.

“This is some basic stuff that was missed,” he said, referring to the fact that the hackers gained access to a Change server that didn’t have multi-factor authentication, a big problem for a company whose business is digital data. “So shame on internal audit, external audit and your system folks, those tasked with redundancy, they’re not doing their job. And as a result, we have a data breach.”
