Senators Josh Hawley (R-Missouri) and Richard Blumenthal (D-Connecticut) announced Friday that they have written to UnitedHealth Group CEO Andrew Witty asking a series of questions related to what they called UHG’s lack of “sufficient redundancy to prevent an outage,” a timeline of events related to the Feb. 21 ransomware attack and how UHG filled the revenue gap left by its suppliers. level is being encountered.
Senators requested a response by April 15.
WHY IS IT IMPORTANT?
Hawley, who serves as ranking member of the Senate Judiciary Subcommittee on Privacy, Technology and the Law, announced on his website Friday that the April 1 letter also requested “UHG proactively advance payments on all claims – not just UHG claims – to suppliers.” and ask what the company is doing to ensure a violation of this magnitude never happens again.
In more than 12 questions, Hawley and Blumenthal, the subcommittee chair, sought not only details about the origins of the Change Healthcare ransomware attack but also the processes that Change and UHG were using to identify the victims. providers and patients were compromised and what cybersecurity improvements were made. make.
Hawley and Blumenthal called the financial instability downstream of the health care sector “alarming,” especially for small and rural providers.
“With the system still offline, the company is paying fewer insurance claims than usual,” they noted in the letter.
The senators also asked about Optum’s reported efforts to acquire bankrupt medical practices, asking the company to provide a list of names and acquisition efforts.
“UnitedHealth’s efforts to ‘profit from the desperation’ created by its own failures are unconscionable,” the senators said.
Furthermore, the senators said that the “origins of this crisis” can be traced to UHG’s purchase of Change Healthcare, one of its Optum subsidiary’s main competitors.
“Medical trade groups warn that the merger would not only lead to a near-monopoly in health IT but also give UnitedHealth Care – the country’s largest insurer and is a subsidiary of UHG – access to competitor complaints and policy information.” .
BIGGER TREND
UHG said as recently as March 27 on the cyber feedback site Change Healthcare that the company was working together to restore products and services.
Change Healthcare’s parent company also said it has advanced “nearly $4.7 billion to providers in need” and will continue to provide financial support until the recovery is complete.
UHG previously announced more than $2 billion in upfront payments to providers while the U.S. Department of Health and Human Services’ Office for Civil Rights announced on March 13 an investigation to determine determine whether protected health information was breached and whether UHG’s HIPAA compliance was breached following the cyberattack.
On April 3, UHG asked a US court in Nashville, Tennessee, to consolidate at least 24 class action lawsuits accusing the payment processor of failing to protect personal data, according to a Reuters news report.
According to cybersecurity experts, the attack affected organizations across the healthcare sector, highlighting the urgency of contingency planning for healthcare organizations. Cybersecurity experts say more efforts are needed to avoid chain reactions of cyberattacks in the healthcare sector.
ON PROFILE
“The consequences of UHG’s failure to properly protect against cyber threats and the subsequent prolonged shutdown of its services are severe,” the Senators said in their letter. . “Providers cannot prescribe medications, verify patient eligibility for treatment, and submit insurance claims.”
Andrea Fox is a senior editor at Healthcare IT News.
Email: [email protected]
Healthcare IT News is a publication of HIMSS Media.
