On Wednesday, UnitedHealth CEO Andrew Witty appeared before Congress to answer for what lawmakers called a “single attack [that] kicked off a cascading series of crises that are unmasking some deep vulnerabilities in the core of our health care system”: the February Change Healthcare cyberattack that is still disrupting payment processing across the country.
Senators repeatedly interrupted Witty, trying to keep him to concrete answers and promises. Lawmakers on both sides of the aisle were exasperated with UnitedHealth. At one point, Sen. Thom Tillis (R-N.C.) held up a fifth-edition copy of “Hacking for Dummies” during the hearing.
“This is some basic stuff that was missed,” he said, referring to the fact that the hackers gained access to a Change server that didn’t have multi-factor authentication, a big problem for a company whose business is digital data. “So shame on internal audit, external audit and your system folks, those tasked with redundancy, they’re not doing their job. And as a result, we have a data breach.”
