Cyber Crime
Senator Blames UnitedHealth CEO for Installing Inexperienced CISO Amid Ransomware Attack
Senator Ron Wyden has called for UnitedHealth Group’s top leaders to be held accountable for a massive ransomware attack, citing the appointment of an inexperienced chief information security officer as a major factor in the breach.
Washington DC: Senator Ron Wyden has strongly criticized UnitedHealth Group (UHG) for its handling of a severe ransomware attack on Change Healthcare. In a letter to regulators, Wyden urged that UHG’s senior executives and board members be held responsible for their negligent actions, including appointing a chief information security officer (CISO) with no prior full-time cybersecurity experience.
Wyden compared the breach to the infamous SolarWinds attack and highlighted that Steven Martin, who became UHG’s CISO in June 2023, lacked the necessary expertise for the role. He argued that the company’s leadership, including CEO Andrew Witty, should be accountable for their decision to elevate Martin and for failing to implement basic cybersecurity measures.
ALSO READ: Ransomware Attack Compromises Data at Medical Device Manufacturer LivaNova: Complete Details Inside
The senator noted that the hackers gained access through a remote server without multi-factor authentication (MFA), a crucial security step. Despite this, MFA policies were waived for servers running outdated software, leading to the breach that compromised medical records and claims processing for millions of Americans.
Wyden emphasized that the attack had disastrous consequences: millions of patients went weeks without essential medication, and hundreds of healthcare providers faced closures or financial strain. He urged the Federal Trade Commission (FTC) and the U.S. Securities and Exchange Commission (SEC) to investigate and take action against UHG for their cybersecurity failures.
ALSO READ: Why ‘Satta Bazaars’ Are Under the Radar of Police and ECI During the Ongoing Lok Sabha Elections
Referencing past enforcement actions by the FTC and the SEC’s case against SolarWinds’ CISO, Wyden called for similar accountability for UHG’s leaders. He stressed the importance of protecting consumer data and maintaining robust cybersecurity standards in the healthcare industry.
Both the SEC and the FTC have acknowledged receiving Wyden’s letter but have not commented on the matter.
Follow The420.in on
Twitter (X), LinkedIn, and YouTube