Lawmakers are questioning UnitedHealth Group's response to the cyberattack that took Change Healthcare's systems offline for nearly a month.
Rep. Jamie Raskin, a Maryland Democrat and ranking member of the House Oversight Committee, sent a letter to UnitedHealth Group CEO Andrew Witty on March 25. In his letter, Mr. Raskin wrote the oversight committee is "concerned that UnitedHealth Group is restricting the ability of federal agencies to provide applicable assistance to Change Healthcare."
According to Mr. Raskin's letter, the Cybersecurity and Infrastructure Security Agency told oversight committee staff it was "handcuffed in this instance because of the lack of transparency and lack of information flowing into us [from UnitedHealth Group/Change Healthcare]."
Mr. Raskin requested additional information from the company on the extent of protected health information exposed in the hack and its response to the hack, and asked UnitedHealth Group to give a briefing to oversight committee staff.
Change Healthcare, a subsidiary of UnitedHealth Group's Optum, was hacked by ransomware group ALPHV/BlackCat on Feb. 21. UnitedHealth Group has restored its services over the course of several weeks. Change Healthcare said March 22 it planned to restore its biggest clearinghouse platforms over the weekend and start processing $14 billion in claims.
"We're aware of a letter from the House Oversight and Accountability Committee and are reviewing the specifics," a spokesperson for UnitedHealth Group told Becker's. "Our immediate focus is to restore our systems, protect data and support those whose data may have been impacted."
Mr. Raskin is the latest lawmaker to scrutinize the attack and the ongoing fallout. The Senate Finance Committee is working to secure a hearing with Mr. Witty this spring, according to The Washington Post.
The federal government launched an investigation into the attack on March 13.