Wyden Hearing Statement on Change Healthcare Cyberattack and UnitedHealth Group’s Response, May 1, 2024 – “This morning the Finance Committee examines the Change Healthcare hack that nearly brought the nation’s health care system to a standstill six weeks ago. Joining the committee is Andrew Witty, the CEO of UnitedHealth Group, which owns Change Healthcare. I’ll put things in perspective. Last year, UHG generated $324 billion in revenue, making it the 5th largest company in the U.S. Overall, the company touches 152 million individuals across all lines of business – insurance, physician practice, home health, and pharmacy. With its profits, UHG has purchased dozens of other health care companies and is the largest purchaser of physician practices. This corporation is a health care leviathan. I believe the bigger the company, the bigger the responsibility to protect its systems from hackers. UHG was a big target long before it was hacked. The FBI says that the health care industry is the number one target of ransomware. It’s obvious why. Change Healthcare processes roughly 15 billion health care transactions annually, and a third of Americans’ patient records pass through its digital doors. Change specializes in moving patient data from doctor’s office to doctor’s office, or to and from your insurance company. That means medical bills that are chock full of sensitive diagnoses, treatments, and medical histories that reveal everything from to abortions to mental health disorders to diagnosis of cancer to sexually transmitted infections. Military personnel are included in this data. Leaving this sensitive patient information vulnerable to hackers, whether criminals or a foreign government, is a clear national security threat. I don’t think it’s a stretch the impact here rivals the 2015 hack of government personnel data from the Office of Personnel Management, which the FBI called a “treasure trove” of counterintelligence information for foreign intelligence services..”