Wyden Asks FTC and SEC to Probe Cyberattack on UnitedHealth
The FTC and SEC should hold UnitedHealth Group accountable for “negligent cyber practices” that exacerbated a February ransomware attack against the company, Senate Finance Committee Chairman Ron Wyden, D-Ore., wrote the agencies Thursday. UHG confirmed hackers initially breached a remote access server because it wasn’t protected with multifactor authentication, Wyden said: “The cyberattack against UHG could have been prevented had UHG followed industry best practices. UHG’s failure to follow those best practices, and the harm that resulted, is the responsibility of the company’s senior officials.” Wyden urged the FTC and SEC to investigate UHG’s “numerous cybersecurity and technology failures” and determine if it broke federal laws. The FTC confirmed receiving the letter but declined comment. The SEC said Chair Gary Gensler will respond to Congress directly. UHG defended the company’s response to the attack on Change Healthcare. A spokesperson said Thursday: “The fact that the company moved quickly and effectively in response to this attack is testament to our company’s commitment to strong cybersecurity.” UGH is looking forward to working with policymakers and stakeholders to develop “strong, practical solutions,” the company said.