Senator Wyden Urges Investigation into UnitedHealth Group’s Cybersecurity Practices and Calls for Accountability

Senator Ron Wyden, Chairman of the Senate Committee on Finance, has called for a thorough investigation into UnitedHealth Group’s (UHG) cybersecurity practices following a devastating cyberattack on its subsidiary, Change Healthcare. In a letter to federal regulators, Senator Wyden emphasized the need to hold UHG, its senior executives, and board of directors accountable for the harm caused to consumers, investors, the healthcare industry, and U.S. national security.

The cyberattack on Change Healthcare, which Senator Wyden linked to the SolarWinds data breach, has raised serious concerns about UHG’s cybersecurity integrity. The appointment of a Chief Information Security Officer with no prior full-time experience in cybersecurity has been highlighted as a clear example of corporate negligence that has put stakeholders at risk.

The incident involved hackers exploiting a remote access server at Change Healthcare that lacked multi-factor authentication, leading to a ransomware infection that disrupted UHG’s operations. UHG CEO Andrew Witty admitted during a Senate Finance Committee hearing that the company’s MFA policy was not uniformly implemented across all external servers, exposing broader cybersecurity deficiencies.

Senator Wyden pointed out that the failure to implement MFA on all servers contradicts industry standards and regulatory expectations, as mandated by the FTC’s Safeguards Rule. The financial implications of the breach, estimated at over a billion dollars by UHG, underscore the importance of robust cybersecurity practices for investor confidence and market stability.

Wyden’s call for regulatory action underscores the need for accountability in corporate governance regarding cybersecurity risks. The investigation into UHG’s cybersecurity and technology practices aims to determine if federal laws were violated and to address the oversight failures of the Audit and Finance Committee responsible for cybersecurity risk oversight. As cybersecurity threats continue to evolve, the case serves as a stark reminder of the critical importance of proactive cybersecurity measures in safeguarding sensitive data and maintaining business continuity.

Inexperienced CISO Held Responsible for Cyberattack on Change Healthcare

Senator Wyden Urges Investigation into UnitedHealth Group’s Cybersecurity Practices and Calls for Accountability

Related articles

New Cybersecurity Legislation Introduced in Hong Kong

U.S. Agencies Issue Warning on National Security Risks Posed by Venture Capital

Threatening ICS: FrostyGoop Malware Linked to Russia poses a Risk

Recent articles

CrowdStrike Shares Initial Findings of Post Incident Review on Worldwide Microsoft Outage – Intelligent CISO

Snowflake and Meta Collaborate to Bring Advanced AI Technology to Security Review Magazine

The largest hacker alliance to date is set on targeting NATO

Security Flaw ‘PKFail’ Puts Millions of Devices at Risk of Secure Boot Bypass

Latest Updates

CrowdStrike Shares Initial Findings of Post Incident Review on Worldwide Microsoft Outage – Intelligent CISO

Snowflake and Meta Collaborate to Bring Advanced AI Technology to Security Review Magazine

The largest hacker alliance to date is set on targeting NATO

Security Flaw ‘PKFail’ Puts Millions of Devices at Risk of Secure Boot Bypass