Senators Josh Hawley (R-Missouri) and Richard Blumenthal (D-Connecticut) announced Friday that they had asked UnitedHealth Group Chief Executive Officer Andrew Witty a series of questions regarding what they called UHG’s lack of “sufficient redundancy to ‘to prevent a malfunction’. ” a timeline of events related to the February 21 ransomware attack and how UHG is filling the revenue gap that providers are experiencing.
Senators requested answers by April 15.
WHY IT MATTERS
Hawley, who serves as ranking member of the Senate Judiciary Subcommittee on Privacy, Technology and the Law, announced on his website Friday that the Letter dated April 1 also demands “that UHG proactively advance payments for all claims – not just UHG claims – to suppliers” and asks what the company is doing to ensure a breach of this magnitude never happens again.
In more than a dozen questions, Hawley and Blumenthal, the subcommittee chair, sought not only granular details about the origins of the Change Healthcare ransomware attack, but also what processes Change and UHG use to identify compromised healthcare providers and patients and which cybersecurity improvements have been made. made.
Hawley and Blumenthal called the healthcare industry’s downstream financial instability “alarming,” especially for rural and small providers.
“With the systems still offline, the company is paying out far fewer insurance claims than normal,” they write in their letter.
The senators also asked about Optum’s reported attempts to acquire medical practices that went bankrupt, asking the company for a list of names and takeover attempts.
“UnitedHealth’s attempts to ‘profit from the desperation’ created by its own failures are unconscionable,” the senators said.
Furthermore, the senators said the “origin of this crisis” can be traced back to UHG’s purchase of Change Healthcare, one of the main competitors of its subsidiary Optum.
“Medical trade groups warned that the merger would not only result in a near-monopoly in healthcare IT, but also give UnitedHealth Care – the nation’s largest insurer and a subsidiary of UHG – access to claims and policy information from competitors,” said Hawley and Blumenthal. .
THE BIG TREND
UHG last stated this on March 27 Change the healthcare cyber response page that the company works together to repair products and services.
Change Healthcare’s parent company also said it has “advanced nearly $4.7 billion to healthcare providers in need” and will continue to provide financial support until the recovery is complete.
UHG previously announced more than $2 billion in upfront payments to providers, while the U.S. Health and Human Services’ Office for Civil Rights announced an investigation on March 13 to determine whether protected health information had been breached and whether UHG’s compliance with HIPAA had been breached by the cyber attack.
On April 3, UHG asked a U.S. court in Nashville, Tennessee, to consolidate at least 24 class action lawsuits accusing the payment processor of failing to protect personal data, according to a Reuters news report. story.
The attack, which has affected organizations across the healthcare continuum, highlights the urgency of contingency planning for healthcare organizations, according to cybersecurity experts who say more efforts are needed to prevent chain reactions of healthcare cyberattacks.
ON THE RECORD
“The result of UHG’s failure to properly protect itself against cyber threats and the subsequent prolonged outage of its services has been devastating,” the senators said in their letter. “Providers were unable to write prescriptions, verify patients’ eligibility for treatment, and file insurance claims.”
Andrea Fox is editor-in-chief of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS Media publication.