Lawmakers seek public hearing with UnitedHealth Group CEO Andrew Witty for mismanagement of the cyber attack response and for implementing administrative barriers to emergency relief
Physician practice lawsuits are snowballing as the DoJ and HHS investigate mismanagement, over-billing, antitrust manipulation and loan issues
The Senate Finance Committee is working to secure a hearing with UnitedHealth Group CEO Andrew Witty this spring, The Washington Post reported March 22.
Senators' inquiry will occur more than a month after UnitedHealth subsidiary Change Healthcare reported a cyberattack Feb. 21 in a situation that has since evolved to become "the most significant and consequential incident of its kind against the U.S. healthcare system in history," according to the American Hospital Association.
The Post cited three unnamed sources for the information. The outlet noted that while UnitedHealth confirmed its participation in a Senate Finance Committee hearing, Mr. Witty's presence and the precise date are not yet confirmed.
Change Healthcare confirmed to Becker's Feb. 29 the cybersecurity issue was perpetrated by a "cybercrime threat actor who has represented itself to us as ALPHV/Blackcat," a ransomware as a service group.
In a March 14 session on HHS' proposed 2025 budget, Senate Finance Chairman Ron Wyden discussed the cyberattack with HHS Secretary Xavier Becerra and asked for Mr. Becerra's cooperation in holding "negligent CEOs" accountable in healthcare cybersecurity matters.
"For a long time, these private companies have been allowed to set their own standards, and it doesn't seem very surprising that neither UnitedHealth Group nor federal agencies were prepared for the attack on Change Healthcare and its fallout," the senator said.
Mr. Wyden said that although HHS' budget contains greater penalties for compliance violations and mandatory cybersecurity standards for hospitals, he wants further action.
"Mandatory standards are a great first step. But we've got to do more. The next step has to be fines and accountability for negligent CEOs, for example, which will enable HHS to better protect patients and our national security."
Change Healthcare, a revenue cycle management services provider, handles 15 billion transactions per year and is the nation's largest commercial prescription processor. It combined with UnitedHealth Group's Optum in October 2022.
Since the February attack that caused system outages, UnitedHealth Group has worked to design accelerated payment systems and workarounds amid ongoing system recovery efforts. Federal agencies have taken action by opening an investigation into the insurer, warning hospitals about "malicious cyber actors," and extending flexibilities to states for interim Medicaid payments.
UnitedHealth Group is currently being investigated for an array of White Collar Crimes by the U.S. Department of Justice and the Department of Health and Human Services including antitrust crimes, systemic over-billing fraud, and most recently, high fees for emergency relief.
As of March 22, Change Healthcare said it was planning to restore its biggest clearinghouse platforms over the weekend and start processing $14 billion in claims. The UnitedHealth Group subsidiary said it brought the Assurance claims preparation system back online March 18 and intended to reinstate Relay Exchange, its largest clearinghouse, over the weekend of March 23.
The company has been dealing with IT outages since a Feb. 21 ransomware attack, leading to widespread reimbursement and pharmacy disruptions for hospitals and health systems across the country. Change said as of March 22, more than $14 billion in claims had been set up for processing through Assurance.
Health systems have been losing tens of millions of dollars a day from the Change outage and physicians and mental health professionals at independent clinics have been financing operations from personal savings.