Curated Content | Thought Leadership | Technology News

Senator Pushes for FTC Investigation Following Recent Healthcare Attack

Claiming negligent practices.
Ryan Uliss
Contributing Writer
Capitol dome building exterior with a digital padlock visible, symbolizing politics with a cybersecurity emphasis.

In a letter to federal regulators, Senator Ron Wyden highlighted the recent cyberattack on Change Healthcare, a UHG subsidiary, claiming it was a result of negligent practices, and calling for an investigation into the company’s cybersecurity protocols. Wyden has criticized UnitedHealth Group (UHG) for appointing what he views as an underqualified Chief Information Security Officer (CISO), linking this decision to significant cybersecurity lapses.

Wyden’s letter highlights what he believes are the lasting negative repercussions for the public due to poor decision-making by UHG’s leadership, drawing parallels with the infamous SolarWinds breach. He emphasizes the urgent need for holding UHG’s senior executives accountable for failing to adopt industry-standard cybersecurity measures, which has endangered consumers, investors, and national security.

Why it matters: Given the highly sensitive nature of the data that healthcare organizations manage, implementing rigorous and comprehensive cybersecurity measures is paramount to safeguarding personal and medical information from today’s cyber threats. Senator Wyden’s claims about the lack of effective cybersecurity protocols at UHG have highlighted potential issues in how the healthcare industry approaches corporate governance and risk management.

  • Criticism of CISO Appointment: Wyden criticized UHG’s decision to appoint Steven Martin, an individual without full-time cybersecurity experience, as their Chief Information Security Officer. The breach’s staggering estimated cost, exceeding a billion dollars, not only disrupted UHG’s operations but also jeopardized the well-being of countless individuals relying on the company’s services and medication delivery.
  • Cyberattack on Change Healthcare: The attack on Change Healthcare, which exposed the lack of multi-factor authentication (MFA) on remote access servers, triggered significant operational disruptions and cast a harsh spotlight on UHG’s cybersecurity practices – a spotlight that only intensified when Senator Wyden highlighted the company’s failure to meet the basic security standards mandated by the Federal Trade Commission (FTC) for financial services, such as implementing MFA.
  • Call for Federal Investigation: Wyden urged the FTC and Securities and Exchange Commission (SEC) to investigate UHG’s cybersecurity practices to determine if any federal laws were violated and to hold any liable senior officials accountable.

Go Deeper -> UnitedHealth’s Leadership Criticized by Senator Wyden for Appointment of Underqualified CISO – The Cyber Express

UnitedHealth Leaders Should be Held Responsible for Installing Inexperienced CISO, Senator Says – The Record

You have free article(s) left this month courtesy of CIO Partners.

Enter your username and password to access premium features.

Don’t have an account? Join the community.

Would You Like To Save Articles?

Enter your username and password to access premium features.

Don’t have an account? Join the community.

Save My Spot For TNCR LIVE!

Thursday April 18th

9 AM Pacific / 11 PM Central / 12 PM Eastern

Register for Unlimited Access

Already a member?

Digital Monthly

$12.00/ month

Billed Monthly

Digital Annual

$10.00/ month

Billed Annually

Would You Like To Save Books?

Enter your username and password to access premium features.

Don’t have an account? Join the community.

Log In To Access Premium Features

Sign Up For A Free Account

Please enable JavaScript in your browser to complete this form.