Mike Bost during a visit at Scott Air Force Base (Photo: Tech. Sgt. Christopher Parr / U.S. Air Force)
In a letter addressed to UnitedHealth Group CEO Andrew Witty, House Veterans Affairs Committee Chairman Mike Bost, a Republican from Illinois, called for increased cooperation between the company and the VA. Bost’s demand stems from concerns over a cyberattack on Change Healthcare, a subsidiary of UnitedHealth Group, earlier this year. The February attack caused nationwide disruptions to the health care sector, impacting pharmacies that provide services to the VA and military health providers.
Reports indicate that the cyberattack was perpetrated by a transnational hacking group known as BlackCat/ALPHV, which claimed to have stolen six terabytes of patient data. UnitedHealth Group later admitted that a significant number of Americans may have had their protected health information or personally identifiable information compromised in the breach. The company emphasized that there was no evidence suggesting the theft of doctors’ charts or complete medical histories.
In response to the incident, VA Secretary Denis McDonough announced proactive measures to notify and protect Veterans and their families, despite not yet confirming if Veterans’ data was stolen. Since, the VA has reached out to 15 million Veterans and family members and has set up a dedicated webpage, providing guidance on safeguarding against identity theft and fraud.
Despite ongoing efforts to assess the extent of the data breach, UnitedHealth Group stated that it could take several months before enough information is available to identify and notify affected individuals. This delay has prompted scrutiny from Congress, leading Witty to testify before two congressional panels. During these hearings, Witty revealed that approximately one-third of Americans could have had their data compromised in the attack. He also disclosed that hackers gained access to the system through a server lacking multifactor authentication, a standard cybersecurity measure.
Frustrations have mounted over UnitedHealth’s lack of cooperation with the VA. In a letter to Bost, Kurt DelBene, the VA’s under secretary for information and technology, expressed dismay at Change Healthcare’s failure to provide impact measures promptly. DelBene criticized the company’s timeline for sharing information regarding the data breach, describing it as “indefensible.”
In his letter to Witty, Bost described Change Healthcare’s response to the VA as “impossible to understand.” He stated the importance of transparency and cooperation in addressing cybersecurity incidents, suggesting that UnitedHealth’s reluctance could hinder the VA’s recovery efforts. Although Bost’s letter was sent on April 18, it was only publicly released after discussions with UnitedHealth failed to alleviate concerns regarding the situation.
As of now, UnitedHealth is offering two years of free credit monitoring services to individuals concerned about potential data compromise. More information is available on their website.
Author: Rikki Almanza
Rikki is a Web Content Coordinator for the American Legion, Department of California. With a deep-rooted connection to the military, a spouse who is a Navy veteran, a father who served in the Air Force for 25 years, and a grandfather who proudly served, Rikki is committed to using her skills and knowledge to provide valuable assistance and resources to servicemembers and veterans.
