Ranking Member Raskin Demands Answers from UnitedHealth Group Following Change Healthcare Cyberattack
Extended Outages at Health Care Giant Disrupted Patient Care and Operations for Thousands of Hospitals, Pharmacies, Physicians, Medical Practices
Washington, D.C. (March 25, 2024)—Today, Rep. Jamie Raskin, Ranking Member of the Committee on Oversight and Accountability, sent a letter to Mr. Andrew Witty, CEO of UnitedHealth Group, requesting a briefing and information on the Change Healthcare cyberattack and subsequent system outages starting in February 2024.
“Given your company’s dominant position in the nation’s healthcare and health insurance industry, Change Healthcare’s prolonged outage as a result of the cyberattack has already had ‘significant and far-reaching’ consequences for patients, physicians, and thousands of hospitals, pharmacies and medical practices, and is disrupting patients’ timely access to affordable medication and treatments,” wrote Ranking Member Raskin. “Patients who rely on life-saving medications may have to choose between paying high out-of-pocket prescription medication costs, devote significant time and resources to finding affordable alternatives, or delay obtaining their medication altogether if their pharmacy’s billing and coverage services were disrupted as a result of the cyberattack.”
On February 21, 2024, Change Healthcare experienced a network interruption related to a cyber security issue. The next day, the company reported to the Securities and Exchange Commission that a “cyber security threat actor had gained access to some of the Change Healthcare information technology systems.”
Following the shutdown of Change Healthcare’s system environment, many health care providers, pharmacies, and hospital networks began reporting significant processing delays and ongoing interruptions for prescription claims, billing, and other administrative activities.
On March 13, 2024, Committee staff received a briefing by the Cybersecurity Infrastructure and Security Agency (CISA) on this situation in which CISA stated that the agency is “handcuffed in this instance because of the lack of transparency and lack of information flowing into us [from UnitedHealth Group/Change Healthcare].”
To help the Committee understand the scope and extent of the Change Healthcare cybersecurity breach and subsequent system outages, and the steps the company is taking to remedy these disruptions, Ranking Member Raskin requests UnitedHealth Group provide the requested information and a staff briefing on the incident no later than April 8, 2024.
Click here to read the letter to UnitedHealth Group.
###