Submitted by United States Senator Bill Cassidy of Louisiana
WASHINGTON (Apr. 30, 2024) – United States Senators Bill Cassidy, M.D. (R-LA), ranking member of the U.S. Senate Health, Education, Labor, and Pensions (HELP) Committee, Elizabeth Warren (D-MA), and Richard Blumenthal (D-CT) requested answers from the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) on its efforts to protect the American health care system from ongoing ransomware attacks. The request to CISA Director Jen Easterly comes ahead of the UnitedHealth Group (UHG) CEO Andrew Witty’s testimony in front of the Senate Finance Committee. In February, UHG subsidiary Change Healthcare (Change) suffered a significant cyberattack, impacting patients, providers, and payers.
“On February 21, 2024, Russian-linked cybercriminal group ALPHV Blackcat conducted a ransomware attack on Change, the largest processor of medical claims in the United States. This attack, in which the cybercriminal group shut down Change platforms until it received a $22 million Bitcoin ransom payment, caused widespread and ongoing disruptions to the nation’s healthcare system,” wrote the senators.
“Following the February ransomware attack, Change disconnected more than 100 of its technology platforms which impacted thousands of patients and providers. For example, UHG estimated that more than 90 percent of 70,000 pharmacies in the U.S. had to change how they process electronic claims, creating a severe cash squeeze. Across the country, pharmacies have been barred from filling prescriptions, doctors are forced to wait on prior authorization, medical centers cannot pay their employees, and tens of millions of dollars in insurance payments to providers are delayed,” continued the senators.
“Unfortunately, this attack is emblematic of a growing trend in which cybercriminal groups gain access to, and install ransomware on, a computer system, encrypt the system’s data, and require a ransom payment in order to decrypt the files… The latest attacks on Change Healthcare underscore the urgent need for more oversight and investigation into the frequency, scope, and root causes of these attacks, specifically with regards to cryptocurrency’s role. The people hurt by these ransomware attacks have a right to know what the federal government is doing to protect them,” concluded the senators.
Read the full letter >>