UnitedHealth Group Leader to Appear before Congress following Change Healthcare Cyberattack

Lawmakers to discuss fallout from cyberattack

April 23, 2024

The CEO of UnitedHealth Group is set to testify before federal lawmakers 10 weeks after the Change Healthcare cyberattack caused industry-wide disruption.

UnitedHealth Group CEO Andrew Witty will testify before the House Energy and Commerce’s oversight and investigations subcommittee on May 1, the chairs of the respective committees said last week.

"Americans are still dealing with the fallout of the Change Healthcare hack,” House Energy and Commerce Committee Chair Cathy McMorris Rodgers (R-WA) and Subcommittee on Oversight and Investigations Chair Morgan Griffith (R-VA)  said in a joint statement. “Individuals and smaller providers, in particular, have struggled financially following the cyberattack, threatening critical access for patients.”

• Background:  Change Healthcare is one of the nation’s largest providers of health care payment management systems. The February 21 cyberattack has affected billing, pre-authorization, and payment processes for hospitals and other providers across the U.S., and still poses challenges.
• Call to action:   Lawmakers have been calling on leaders from UnitedHealth to appear before Congress to answer questions about their cybersecurity practices and response to the cyberattack.
• Uncertain timeline:  UnitedHealth continues to list many of its services as partially restored, with restoration still in progress in several other areas (clinical exchange, risk manager, payor connectivity services, etc.).
• Strong lawmaker interest:  The hearing will be the second in three weeks on the topic. Last week, the U.S. Energy and Commerce Health subcommittee hosted a hearing about the next steps following the cyberattack.
• Recent update:  UnitedHealth Group on April 22 issued a news release regarding its preliminary review of the data involved in the cyberattack on Change Healthcare.
• Quotable:  “While we’re disappointed that UnitedHealth could not join us for the recent Health Subcommittee hearing on cybersecurity, we look forward to learning more on what happened in the lead up to, and in the weeks following, the attack,” Rodgers and Griffith said. “This hearing will help inform the committee as we continue working toward solutions that protect the health and well-being of all Americans.”

HAP continues to monitor the latest Change Healthcare cybersecurity news and advocate on behalf of our members. Earlier this month, HAP created a one-stop shop to offer the latest resources online, including exclusive member-only information (login required).