Senate summons Change Healthcare leader to testify about cyberattack

A second group of federal lawmakers has announced a hearing this week on the massive cyberattack against Change Healthcare.

The Senate Finance Committee will convene “Hacking America's Health Care: Assessing the Change Healthcare Cyber Attack and What's Next,” with UnitedHealth Group CEO Andrew Witty to testify. UnitedHealth Group is the corporate parent of Change Healthcare. The hearing is scheduled for 9 a.m. May 1 and was announced after the House of Representatives Energy and Commerce Committee hearing, scheduled at 2 p.m. the same day.

Finance Committee Chair Sen. Ron Wyden (D-Oregon) announced the hearing without additional commentary. However, “Tech, Internet and Cybersecurity” is a category under his issues and areas of concern.

“Ron believes in common-sense cybersecurity,” his website said. “That is, we can greatly improve our cybersecurity by listening to experts and then adopting the widely available security technologies that they’ve long advocated, but which haven’t rolled out due to inertia. Moreover, Ron believes that strong cybersecurity makes Americans more secure against criminals, stalkers, or predators who are waiting to exploit vulnerabilities in our devices.”

The Feb. 21 hack of Change Healthcare sent shockwaves through the health care sector, along with technical challenges that have disrupted the finances for medical practices, pharmacies and health systems.

Two months later, UnitedHealth Group pledged support for those concerned their personal data was involved in the cyberattack.

“Based on initial targeted data sampling to date, the company has found files containing protected health information (PHI) or personally identifiable information (PII), which could cover a substantial proportion of people in America,” the company said in an online update April 22. “To date, the company has not seen evidence of exfiltration of materials such as doctors’ charts or full medical histories among the data.”

“We know this attack has caused concern and been disruptive for consumers and providers and we are committed to doing everything possible to help and provide support to anyone who may need it,” said Andrew Witty, chief executive officer of UnitedHealth Group.

The company has created the website http://changecybersupport.com/ and a dedicated call center at 1-866-262-5342 for customer support.

As of April 22:

• Pharmacy services were restored to 99% of pre-incident pharmacies processing claims.
• Medical claims were flowing at near-normal levels as systems went back online or providers switched to other methods of submission.
• Payment processing was restored to an estimated 86% of pre-incident levels.
• Approximately 80% of Change functionality was restored on major platforms and products.