Congressional Hearings

Senate Finance

  • Wyden Hearing Statement on Change Healthcare Cyberattack and UnitedHealth Group’s Response

  • Crapo Statement at Hearing on Change Healthcare Cyberattack

    • HEARING HIGHLIGHTS — Lawmakers on the Senate Finance Committee today blasted UnitedHealth Group for not doing more to prevent one of the largest cyberattacks in the country’s history, POLITICO’s Robert King reports.

      • UnitedHealth Group CEO Andrew Witty explained to senators how hackers orchestrated the Feb. 21 cyberattack that crippled the company’s subsidiary, Change Healthcare, which processes insurance payments for doctors and hospitals. Witty is also testifying this afternoon at the House Energy and Commerce Oversight and Investigations Subcommittee hearing on the cyberattack.

      • Here are some takeaways from the Senate hearing:

        • UnitedHealth apologizes, but blames Change transition- Witty explained that a Change server lacked a cybersecurity protection average Americans know well, multi-factor authentication, that typically requires a user to enter a code received on another device before gaining access to a password-protected computer application. He acknowledged the security gap was a violation of company policy and said he was “deeply, deeply sorry.” He explained that UnitedHealth had failed to fully update security procedures at Change after acquiring it in October 2022

        • Senators say UnitedHealth should compensate providersCommittee members said that the no-interest loans the insurer has offered hospitals and doctors while they awaited direct payment haven’t been enough to plug the financial hole providers faced. “We have hospitals that are pulling on a line of credit, are you going to pay that interest? Are you going to reimburse that?” asked Sen. Marsha Blackburn (R-Tenn.). Witty insisted things are “broadly back to normal,” but Blackburn said her constituents are still complaining.

House Energy and Commerce Subcommittee on Health

  • "Examining Health Sector Cybersecurity in the Wake of the Change Healthcare Attack"
    • Date: Tuesday, April 16, 10:00am EDT
    • Witnesses/Testimony:

      • Mr. Greg Garcia, Executive Director for Cybersecurity, Healthcare Sector Coordinating Council

      • Mr. Robert Sheldon, Senior Director of Public Policy and Strategy, CrowdStrike

      • Mr. John Riggi, National Advisor for Cybersecurity and Risk, American Hospital Association

      • Mr. Scott MacLean, Board Chair, College of Healthcare Information Management Executives (CHIME)

Change Healthcare Congressional Hearings