On Wednesday, UnitedHealth CEO Andrew Witty appeared before Congress to answer for what lawmakers called a “single attack [that] kicked off a cascading series of crises that are unmasking some deep vulnerabilities in the core of our health care system”: the February Change Healthcare cyberattack that is still disrupting payment processing across the country.
Senators repeatedly interrupted Witty, trying to keep him to concrete answers and promises. Lawmakers on both sides of the aisle were exasperated with UnitedHealth. At one point, Sen. Thom Tillis (R-N.C.) held up a fifth-edition copy of “Hacking for Dummies” during the hearing.
“This is some basic stuff that was missed,” he said, referring to the fact that the hackers gained access to a Change server that didn’t have multi-factor authentication, a big problem for a company whose business is digital data. “So shame on internal audit, external audit and your system folks, those tasked with redundancy, they’re not doing their job. And as a result, we have a data breach.”
This article is exclusive to STAT+ subscribers
Unlock this article — plus daily intelligence on Capitol Hill and the life sciences industry — by subscribing to STAT+.
Already have an account? Log in
Already have an account? Log in
To submit a correction request, please visit our Contact Us page.
STAT encourages you to share your voice. We welcome your commentary, criticism, and expertise on our subscriber-only platform, STAT+ Connect