‘Do You Feel Like Your Company Is Prepared For Another Cyberattack?’: Grassley Asks UnitedHealth CEO

  • 4 months ago
During a Senate Finance Committee hearing on Wednesday, Sen. Chuck Grassley (R-IA) questioned UnitedHealth Group CEO Andrew Witty about the Change Healthcare cyberattack earlier this year.

Transcript
00:00 Senator Grassley is next. Welcome to the committee. Last month I wrote to Health and Human Services
00:06 Secretary Becerra regarding protecting critical infrastructure within the health care sector.
00:13 In that letter I highlighted the need for a strong relationship between public and private
00:20 partners to ensure the safety of U.S. critical infrastructure systems. I also inquired about
00:28 legacy information technology systems. Cyber attacks on our health care system not only have
00:35 severe impact on our economy but put lives at risk. So my first question is what's United
00:43 Health Group's relationship with HHS and other government agencies as it relates to
00:50 cybersecurity of the health care industry? How have HHS and Cybersecurity and Information
00:59 Security Agency worked with your company in the aftermath of the cybersecurity failure?
01:06 Senator Grassley, thank you for the question. We've had a close engagement, I would say daily
01:13 engagement, with particularly CMS within HHS. CMS has been extremely engaged and supportive
01:18 through this particularly in terms of how we've worked to support providers and to prioritize
01:25 recovery of the system. And the FBI has been our prime partner in terms of law enforcement
01:32 and response to the attack itself. Does United Health Group use legacy IT systems
01:41 that need to be updated? If so, what's been done to update?
01:46 So Change Healthcare is a good example of a company that came into our organization with
01:52 older technology, the 40-year-old company with many different technology generations within it.
01:57 As we always do with new companies like that, we strive to upgrade them to the standards of
02:03 United Health Group, which I believe are consistently higher than the companies that
02:08 we've brought into the organization. I think you touched on it, but let me ask
02:13 specifically, has United Health Group taken every available action to immediately remove
02:19 memory safety risk in its IT and software? >> Sir, could you just repeat that, please?
02:26 I couldn't hear the second part of the question. >> He asked you to repeat it.
02:30 >> What? >> Repeat it, your question.
02:33 >> Oh. >> No, he said he couldn't understand.
02:37 >> Oh. >> Well.
02:40 >> So he just asked you to repeat the question. >> Yeah.
02:45 Has United Health Group taken every available action to immediately remove
02:50 memory safety risk in its IT and software? >> I'm not sure I completely understand
02:59 the question around memory safety risk. >> Okay.
03:02 >> I can assure you that since the attack -- >> Why don't you do this,
03:05 answer that question in writing? >> Absolutely.
03:08 >> Yeah. >> Happy to do so.
03:09 >> My understanding is that Change Healthcare touches one in three medical records in the
03:18 United States. I'd like to better understand how Change Healthcare stores and manages patient
03:25 data. How does Change Healthcare manage and store patient data? Where is the data stored?
03:32 Is it stored by third parties? And at what point through processing, coding, and storing
03:39 is patient data ever sent overseas? >> So Change Healthcare stores data both
03:46 on-premises in data centers and also to a limited extent in the cloud. As we've rebuilt the
03:52 technology environment, we have moved much more into the cloud, which we believe creates a much
03:59 more secure future environment. >> According to the FBI, there were 249
04:06 ransomware attacks against the healthcare industry in 2023. Has United Healthcare Group
04:16 experienced another cyber attack since February 21?
04:20 >> I'd have to come back to you on that. We are under attack consistently. I'd like to
04:28 make sure I'm accurate in how I respond to that question, and I'd be happy to come back to you
04:33 with that. >> In writing, okay.
04:35 Do you feel like your company is prepared for another cyber attack? And this will be my last
04:43 question. >> Senator, thank you for that question. We are doing everything we can to be as prepared
04:50 as possible, but we recognize the pressure of the attacks that come in. I believe that we are
04:56 taking every sensible precaution, and we brought in multiple third-party expert organizations to
05:04 supplement our own teams. Where I hope we can also look for is ways in which we can start to
05:12 reduce the attack pressure on the systems that we're all trying to manage. >> Thank you. Senator
