The Oct. 15 letter to Mr. Witty from Sen. Ron Wyden of Oregon comes after the UnitedHealth Group CEO testified before the committee in May.
Mr. Wyden said in the letter shared with the Post that the CEO “provided vague, unclear information about the incident and the degree to which it was caused by your company’s lax cybersecurity practices.” Mr. Wyden said he sent written follow-up questions after the hearing, but Mr. Witty’s response again did not satisfactorily answer his questions. He said his staff has also asked several times to answer those questions, but Mr. Witty’s staff did not give satisfactory answers.
“Congress has a responsibility to conduct rigorous oversight to determine what legislative actions might be necessary in the wake of the most significant cyberattack against the U.S. healthcare sector to date,” Mr. Wyden said.
The Senator is seeking “full answers” to a series of questions by Nov. 8 and is also asking the company to provide copies of all external cybersecurity audits reports of Change’s technology for the five years preceding the incident, including those that took place before UnitedHealth acquired Change in 2022.
UnitedHealth declined to comment on the letter, according to the Post. A spokesperson told the news outlet that UnitedHealth is continuing to engage with policymakers and is “committed to responding to their concerns.”
Read the full letter here.
At the Becker's 5th Annual Fall Payer Issues Roundtable, taking place November 2–3 in Chicago, payer executives and healthcare leaders will come together to discuss value-based care, regulatory changes, cost management strategies and innovations shaping the future of payer-provider collaboration. Apply for complimentary registration now.
