The chairman of the Senate Finance Committee is seeking more answers from UnitedHealth Group CEO Andrew Witty regarding the February cyberattack against its Change Healthcare subsidiary, the Washington Post reported Oct. 17.
The Oct. 15 letter to Mr. Witty from Sen. Ron Wyden of Oregon comes after the UnitedHealth Group CEO testified before the committee in May.
Mr. Wyden said in the letter shared with the Post that the CEO "provided vague, unclear information about the incident and the degree to which it was caused by your company’s lax cybersecurity practices." Mr. Wyden said he sent written follow-up questions after the hearing, but Mr. Witty's response again did not satisfactorily answer his questions. He said his staff has also asked several times to answer those questions, but Mr. Witty's staff did not give satisfactory answers.
"Congress has a responsibility to conduct rigorous oversight to determine what legislative actions might be necessary in the wake of the most significant cyberattack against the U.S. healthcare sector to date," Mr. Wyden said.
The Senator is seeking "full answers" to a series of questions by Nov. 8 and is also asking the company to provide copies of all external cybersecurity audits reports of Change's technology for the five years preceding the incident, including those that took place before UnitedHealth acquired Change in 2022.
UnitedHealth declined to comment on the letter, according to the Post. A spokesperson told the news outlet that UnitedHealth is continuing to engage with policymakers and is "committed to responding to their concerns."
Read the full letter here.