Ransomware, Governance, Risk and Compliance

Federal investigation into UnitedHealth urged after Change Healthcare attack

United Health Group CEO Andrew Witty

Both the Federal Trade Commission and Securities and Exchange Commission were sought by Senate Finance Committee Chair Ron Wyden, D-Ore., to launch a probe into the cybersecurity failures of UnitedHealth Group that resulted in the massive ransomware attack against Change Healthcare, reports The Record, a news site by cybersecurity firm Recorded Future.

Such an attack may have stemmed from UnitedHealth's appointment of Steven Martin as the firm's chief information security officer despite not having had a full-time cybersecurity job prior to holding the position, a decision which UHG's CEO and board of directors should be held accountable for, said Wyden in a letter to FTC Chair Lina Khan and SEC Chair Gary Gensler.

"Due to his apparent lack of prior experience in cybersecurity, it would be unfair to scapegoat Mr. Martin for UHG's cybersecurity lapses. Instead, UHG's CEO and the company's board of directors should be held responsible for elevating someone without the necessary experience to such an important role in the company, as well as for the company's failure to adopt basic cyber defenses," wrote Wyden.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.