Senator Wyden calls for investigation into cyberattack on UnitedHealth

Chairman of the Senate Finance Committee Ron WydenD-Ore., has called on the Biden administration to investigate the cybersecurity incident at UnitedHealth group.

On a Thursday (30 May) letter addressed To Federal Trade Commission (FTC) Chairman Lina M. Khan And Securities and Exchange Commission (SEC) Chairman Gary GenslerWyden called on both agencies to investigate the incident.

Wyden wrote in the letter that the incident was “entirely preventable and the direct result of company negligence,” noting that UnitedHealth Group confirmed that a remote access server compromised by the hackers was not protected by multi-factor authentication (MFA).

“The cyberattack on UHG could have been prevented had UHG followed industry best practices,” Wyden wrote. “UHG’s failure to follow those best practices and the resulting damage are the responsibility of the company’s senior executives, including UHG’s CEO and board of directors.”

The UnitedHealth Group, which PYMNTS reached, issued a statement via email explaining that the attack on the Change in healthcarelike other recent cyberattacks, “underscores the need to strengthen cyber defenses and increase resilience” and that the company looks forward to “working with policymakers and other stakeholders to develop strong, practical solutions.”

“The fact that the company responded quickly and effectively to this attack is testament to our company’s commitment to strong cybersecurity,” the statement said. “UnitedHealth Group has an experienced board of directors with effective, broad-based capabilities in risk management, including cybersecurity. The members of the Audit and Finance Committee, which oversees the company’s cybersecurity program, have experience in cybersecurity and in leading organizations operating in industries exposed to significant cybersecurity risks.”

In an earlier response to the cyberattack on UnitedHealth Group’s Change Healthcare, the Senator said: Mark R. WarnerD-Va., introduced a bill in March that would expedite Medicare payments to health care providers who have been victims of a cyberattack if they and their suppliers meet minimum requirements Cybersecurity standards.

“The recent hack of Change Healthcare is a reminder that the entire healthcare industry is vulnerable and needs to step up its performance,” Warner said in a press release at the time. “This legislation would provide some important financial incentives for providers and vendors to do so.”