UnitedHealth Group Inc.’s Change Healthcare unit suffered significant disruptions and patient data breaches due to a ransomware attack, prompting three US senators, led by Senator Elizabeth Warren, to send a letter to the US Cybersecurity and Infrastructure Security Agency (CISA) regarding its response. The senators asked for details on CISA’s actions in addressing the breach, its collaboration with other government agencies, and efforts to combat ransomware threats.
The intrusion at Change demonstrated the vulnerabilities of centralized systems in the healthcare industry, affecting billions of dollars in payments and potentially reducing UnitedHealth’s profits by $1.6 billion. The urgent threat posed by cybersecurity breaches prompted the senators to seek a comprehensive understanding of the cybersecurity landscape, especially surrounding the events related to the Change cyberattack. The letter was also signed by Senator Bill Cassidy and Senator Richard Blumenthal.
The senators specifically requested information on how CISA worked with the FBI to provide information about the BlackCat hacker group allegedly responsible for the breach. They also inquired about the frequency and costs of ransomware attacks, efforts to create a warning system, and strategies to prevent payment of ransoms with cryptocurrencies. A spokesperson for CISA declined to comment on the matter.
UnitedHealth confirmed paying a ransom to protect patient data but did not disclose the amount. As UnitedHealth’s top executive prepares to address the attack in House and Senate hearings, this incident highlights the need for improved cybersecurity measures in critical industries such as healthcare.
