Capitol Correspondence - 04.16.24

Congress Reconvenes with Cybersecurity in Focus Following Change Healthcare Attack

Share this page

As both chambers of Congress resume, the recent cyberattack on Change Healthcare has prompted a renewed emphasis on cybersecurity measures across the health care sector. The attack, which disrupted provider payments nationwide, has drawn significant attention from lawmakers, spurring inquiries and hearings to address cybersecurity vulnerabilities.

While the immediate effects of the February Change Healthcare attack have subsided, concerns linger, prompting action on Capitol Hill. The House Energy and Commerce Health Subcommittee is set to delve into the issue further with a scheduled hearing today. The focus of the hearing will be on cybersecurity measures in health care, with witnesses including experts in health care cybersecurity.

Andrew Witty, CEO of UnitedHealth, the parent company of Change Healthcare, has been summoned to appear before the Senate Finance Committee. However, as of yet, no hearing date has been confirmed publicly. This summons follows mounting frustration from top officials in the Biden administration regarding UnitedHealth’s handling of the cyberattack. Last month, the Department of Health and Human Services (HHS) called on UnitedHealth to adopt a more transparent approach regarding the attack.

Senator Ron Wyden (D-OR), the ranking Democrat on the Senate Finance Committee, has been particularly vocal in his criticism of UnitedHealth’s cybersecurity practices and the broader industry’s preparedness for such attacks. The scrutiny from lawmakers underscores the urgency of bolstering cybersecurity defenses within the health care sector to safeguard against future threats.