Congress turns its eye to health care cybersecurity 

The attack on Change Healthcare in February derailed health care payments across the country as insurance claims went unpaid. The company, a subsidiary of UnitedHealth Group, provides technology for submitting and processing insurance claims. 

In the weeks that followed the attack, more than 80 percent of hospitals said their cash flow had been impacted. The administration acted to ensure hospitals got paid, at least when it came to Medicare payments, approving accelerated and advance payments to systems anticipating delays. 

Now Congress is beginning its own inquiries into what happened. 

The House Energy & Commerce Health subcommittee will hold a hearing Tuesday looking into health sector cybersecurity, with a panel of cybersecurity experts set to testify. 

Sen. Ron Wyden (D-Ore.), chair of the Senate Finance Committee, said Monday a hearing on the Change attack would be forthcoming. 

“We’ll be heading towards a hearing under the system of how we announce things, you know, we’ll be getting into that here very, very shortly,” Wyden said while speaking at the American Hospital Association’s Annual Membership Meeting. 

“It’s not surprising that people weren’t ready for [the attack]. The health care sector is a prime target for criminals and foreign adversaries like China and Russia. Here again, we’ve got middlemen companies so large they control core functions in the healthcare system,” he said. “You get into a situation where these operations are so big, there is a systemic cybersecurity risk.” 

While a spokesperson for Senate Finance Democrats did not confirm that a hearing would be taking place, The Washington Post previously reported that UnitedHealth Group CEO Andrew Witty would be the sole witness at an April 30 hearing. The company also confirmed to Politico that Witty would be testifying.