Senate Finance Committee Chair Ron Wyden (D-OR) recently sent a letter to UnitedHealth Group (UHG) CEO Andrew Witty, seeking more information a cyberattack earlier this year on the American health care system.
“I write to seek answers to questions for the record following your testimony before the Senate Finance Committee in June 2024 that to date have not been satisfactorily answered,” Wyden said. “You testified about this incident before the committee in June, during which you provided vague, unclear information about the incident and the degree to which it was caused by your company’s lax cybersecurity practices. Congress has a responsibility to conduct rigorous oversight to determine what legislative actions might be necessary in the wake of the most significant cyberattack against the U.S. health care sector to date.”
Wyden asked UHG to provide copies of independent cybersecurity audit reports for the five years. He also asked for the method hackers used to access to the company’s data and systems.
The senator also asked whether UHG’s server that was compromised during the cyberattack had received a security audit prior to the cyberattack, and the steps UHG has taken to defend against future hacks.
In September, Wyden introduced legislation that would create a minimum cybersecurity standard for the health care industry.