Senator pushes for FTC, SEC investigation into UHG cyberattack

May 31, 2024
1 min read

TLDR: Senator Urges FTC and SEC to Investigate UnitedHealth Group’s Cyberattack

Key Points:

  • Senator Ron Wyden has called for investigations by the FTC and SEC into UnitedHealth Group’s Change Healthcare unit cyberattack in February.
  • Wyden believes the company’s CEO and board should be held accountable, not the Chief Information Security Officer.

Senator Wyden, as the chair of the Senate Finance Committee, is urging the FTC and SEC to examine the cyberattack on UnitedHealth Group’s Change Healthcare unit. He believes UnitedHealth Group’s negligent cybersecurity practices have caused substantial harm and should be held accountable. Wyden specifically points the finger at CEO Andrew Witty and the board of directors, rather than scapegoating the CISO, Steven Martin. While Martin lacked prior experience in cybersecurity, Wyden suggests the blame should rest on leadership for elevating him to the role.

In the wake of the incident potentially affecting one-third of the U.S. population, Wyden highlights concerns around the company’s usage of multifactor authentication for all systems and the role of cybersecurity in protecting consumers’ personal information. UnitedHealth Group responded by stating its commitment to cybersecurity and readiness to work with policymakers to address the issue.

In conclusion, Senator Wyden’s call for investigations into UHG’s cybersecurity practices highlights the importance of holding leadership accountable for cybersecurity failures and implementing industry-standard defense practices to protect consumer data.

Latest from Blog

EU push for unified incident report rules

TLDR: The Federation of European Risk Management Associations (FERMA) is urging the EU to harmonize cyber incident reporting requirements ahead of new legislation. Upcoming legislation such as the NIS2 Directive, DORA, and