In a gripping Senate Finance Committee hearing, Change Healthcare CEO Andrew Witty disclosed that data stolen in the February ransomware attack likely includes information from current (and former) armed forces members.Â
Chair Ron Wyden pressed Witty on UnitedHealth’s response to the breach, emphasizing the need for transparency and accountability in safeguarding sensitive data. Despite facing scrutiny for delays in notifying affected individuals, Witty affirmed the company’s commitment to working with regulators to mitigate risks and ensure timely disclosures.
The revelation that the breached Change Healthcare server lacked multi-factor authentication (MFA) ignited further debate among committee members. Witty acknowledged the oversight and highlighted ongoing efforts to enhance cybersecurity across UnitedHealth Group’s external systems.
Witty’s testimony also delved into the intricacies of the attack, revealing challenges posed by legacy technologies and the absence of redundancy protocols. Amid calls for minimum cybersecurity standards in the healthcare industry, Witty expressed support for regulatory initiatives and emphasized UnitedHealth’s proactive approach to strengthening defenses and collaborating with law enforcement agencies.
Stay tuned for more updates on this developing story as lawmakers continue to scrutinize the aftermath of the UnitedHealth breach and its implications for data security and national defense.