In February, an attack on Change Healthcare, a subsidiary of UnitedHealth Group, caused significant disruptions in healthcare payments across the country. As a provider of technology for submitting and processing insurance claims, the attack left more than 80 percent of hospitals without payment, impacting their cash flow.
In response to the incident, the administration implemented measures to ensure that hospitals received the funds they were owed. This included approving accelerated and advance payments to healthcare systems that anticipated delays in payments. Congress also launched its own investigations into what happened.
The House Energy & Commerce Health subcommittee has scheduled a hearing on health sector cybersecurity, where cybersecurity experts will testify. Additionally, Senator Ron Wyden has announced that a hearing on the Change attack will be held. He emphasized that the healthcare sector is a prime target for criminal and foreign adversaries such as China and Russia due to its critical functions.
Although reports indicate that UnitedHealth Group CEO Andrew Witty will be the sole witness at an April 30 hearing discussing the incident, it is not clear if other witnesses will be called upon to testify. The size and influence of companies like UnitedHealth Group present systemic cybersecurity risks that need to be addressed, as they have significant control over core functions in the healthcare system.
