The Senate Finance Committee is working to secure a hearing with UnitedHealth Group CEO Andrew Witty this spring, The Washington Post reported March 22.
Senators' inquiry will occur more than a month after UnitedHealth subsidiary Change Healthcare reported a cyberattack Feb. 21 in a situation that has since evolved to become "the most significant and consequential incident of its kind against the U.S. healthcare system in history," according to the American Hospital Association.
The Post cited three unnamed sources for the information. The outlet noted that while UnitedHealth confirmed its participation in a Senate Finance Committee hearing, Mr. Witty's presence and the precise date are not yet confirmed.
Change Healthcare confirmed to Becker's on Feb. 29 that the cybersecurity issue was perpetrated by a "cybercrime threat actor who has represented itself to us as ALPHV/Blackcat," a ransomware-as-a-service group.
In a March 14 session on HHS' proposed 2025 budget, Senate Finance Chairman Ron Wyden discussed the cyberattack with HHS Secretary Xavier Becerra and asked for Mr. Becerra's cooperation in holding "negligent CEOs" accountable in healthcare cybersecurity matters.
"For a long time, these private companies have been allowed to set their own standards, and it doesn't seem very surprising that neither UnitedHealth Group nor federal agencies were prepared for the attack on Change Healthcare and its fallout," the senator said.
Mr. Wyden said that although HHS' budget contains mandatory cybersecurity standards for hospitals and greater penalties for compliance violations, he wants further action.
"Mandatory standards are a great first step. But we've got to do more. The next step has to be fines and accountability for negligent CEOs, for example, which will enable HHS to better protect patients and our national security."
Change Healthcare, a revenue cycle management services provider, handles 15 billion transactions per year and is the nation's largest commercial prescription processor. It combined with UnitedHealth Group's Optum in October 2022.
Since the February attack that caused system outages, UnitedHealth Group has worked to design accelerated payment systems and workarounds amid ongoing system recovery efforts. Federal agencies have taken action by opening an investigation into the insurer, warning hospitals about "malicious cyber actors," and extending flexibilities to states for interim Medicaid payments.