Senator Ron Wyden is urging regulators to investigate UnitedHealth Group Inc. (NYSE:UNH) for what he perceives as “negligent” security practices that led to a significant hack in the U.S. healthcare sector.
In a letter addressed to the Federal Trade Commission (FTC) and the Securities and Exchange Commission (SEC), Wyden, a Democrat from Oregon, called for a probe into the company’s “numerous cybersecurity and technology failures” to determine if any laws were violated.
UnitedHealth responded to the points outlined in Wyden’s letter, asserting that it promptly and effectively addressed the attack and emphasized its strong commitment to security. The FTC declined to comment, while the SEC did not respond.
Following Wyden’s call for an investigation, shares of UnitedHealth experienced a decline of up to 1.4% on Thursday. The stock had already decreased by about 8% throughout the year leading up to Wednesday.
The security breach in February, which reportedly resulted in profits declining by as much as $1.6 billion, including a $22 million ransom payment to the hackers, has put pressure on UnitedHealth. While an executive noted progress in restoring systems, the company’s status website indicates that several products are still only partially restored.
Wyden, who chairs the Senate Finance Committee, has previously scrutinized UnitedHealth’s handling of cybersecurity issues. During testimony on May 1, Chief Executive Officer Andrew Witty faced questioning from Wyden, who alleged that the company failed to implement basic security measures. Witty acknowledged that the attackers exploited a server lacking multifactor authentication.
The senator emphasized the significant harm caused by the breach, labeling it “completely preventable” and attributing it to corporate negligence. Additionally, concerns were raised about the potential exploitation of exposed data, including information on military and government personnel, by foreign adversaries such as China and Russia.
The hack resulted in disruptions to Change Healthcare’s computer network, affecting the processing of medical claims worth $2 trillion annually and causing challenges for pharmacies and patients seeking treatments. Providers faced financial difficulties, with some resorting to loans and personal funds to maintain operations.
Wyden criticized UnitedHealth’s management for lacking cybersecurity expertise on its board. In response, the company stated that its board possesses skills in risk management, including cybersecurity, and highlighted the recent hiring of a cybersecurity consulting firm to advise its directors.
Featured Image: Megapixl