On Capitol Hill on Wednesday, UnitedHealth Group Inc.’s CEO faced two congressional sessions over the hack that targeted the company’s Change Healthcare unit, highlighting the company’s dominant position in the U.S. healthcare market. There is now more focus on UnitedHealth’s scale and power in the healthcare sector following the attack on the main clearinghouse for healthcare claims, which is regarded as the largest cybersecurity interruption to the U.S. healthcare system in history. Among its many businesses, the corporation manages a sizable pharmacy-benefits manager, a health insurer, owns outpatient centers, and hires doctors.
Sen. Ron Wyden, a Democrat from Oregon, chair of the Senate Finance Committee, called UnitedHealth CEO Andrew Witty “a healthcare leviathan” during a hearing on Wednesday morning. As per his statement, the hack serves as a grave cautionary tale about the repercussions of massive, unaccountable businesses acquiring increasingly greater portions of the healthcare sector.
We still don’t completely understand the entire impact of the incident, which jeopardized patient privacy and interfered with healthcare professionals’ ability to submit claims and get compensated for their services. In prepared testimony for the Wednesday afternoon Oversight and Investigations subcommittee hearing on the breach by the House Energy and Commerce Committee, Witty stated that UnitedHealth is “working to understand the full scope of impacted patient, provider, and payer information.”
According to UnitedHealth, the fact that it owns Change Healthcare may have contributed to lessening the aftermath of the attack. Witty stated on the company’s April 16 earnings call that “this attack would likely still have happened, and it would have left Change Healthcare, I think, extremely challenged to come back” if UnitedHealth hadn’t purchased the insurance-claims processor.
According to Witty’s prepared statement, the healthcare behemoth has given concerned providers free credit monitoring and identity theft protection for a period of two years. It has also given affected providers loans with no interest and accelerated payments totaling over $6.5 billion.
In 2022, the U.S. Department of Justice filed a lawsuit to stop UnitedHealth from purchasing Change Healthcare, claiming that the transaction would harm innovation and competition. However, a federal judge upheld the transaction’s legality. Principal deputy assistant attorney general Doha Mekki stated in a statement at the time the case was filed that UnitedHealth would gain “control of a critical data highway through which about half of all Americans’ health insurance claims pass each year” as a result of the deal.
Witty testified before the Senate Finance Committee on Wednesday morning that the hackers initially got access to the Change Healthcare systems via a portal that was not secured by multi-factor authentication.
A few politicians attempted to connect the scope of the cyberattack to UnitedHealth’s size. During Wednesday’s Senate Finance hearing, Louisiana Republican Sen. Bill Cassidy stated, “Yes, you have the deep pockets by which to address this, but the very fact that you’re so big means it had a wide-ranging ripple effect that was outsized.” Is United’s dominant role too strong because it permeates everything and upsetting United upends everyone else? Cassidy enquired.
Witty informed the committee that Change Healthcare’s operations and footprint were same on the day of the assault and prior to its acquisition by UnitedHealth. Despite its size, UnitedHealth does not own any hospitals or pharmaceutical companies in the United States, thus Witty responded, “I don’t believe it is,” when asked if the firm is “too big to fail.”
According to certain lawmakers, the company’s size presents additional concerns for both patients and doctors. The Massachusetts Democrat Elizabeth Warren called UnitedHealth “a monopoly on steroids” and said during the hearing, “You’re now in a position to jack up prices because UnitedHealth has bought up every link in the healthcare chain.” Warren cited a Wall Street Journal article from February.
During a discussion with reporters organized by the nonprofit organization KFF for health policy research, chair Lina Khan mentioned last week that cybersecurity risks may be taken into consideration by the Federal Trade Commission when reviewing potential transactions. She also mentioned new merger guidelines that the agency released the previous year. “That could definitely be part of our analysis if we think a merger could substantially lessen competition in ways that could eliminate the incentive to continue investing in data security or otherwise create some of these consolidation risks,” Khan said.
In contrast to the S&P 500’s 5.2% increase, UnitedHealth shares gained 0.5% on Wednesday morning and had decreased 7.6% year to date.