Tech & Innovation in Healthcare

“This incident and the harm that it caused was, like so many other security breaches, completely preventable and the direct result of corporate negligence,” Wyden wrote in the letter. “UHG has publicly confirmed that the hackers gained their initial foothold by logging into a remote access server that was not protected with multi-factor authentication (MFA). MFA is an industry-standard cyber defense that protects against hackers who have guessed or stolen a valid username and password for a system.”

Rather than placing the responsibility on UHG’s head of cybersecurity, Wyden is urging FTC Chair Lina S. Khan and SEC Chair Gary Gensler to hold UHG’s CEO, Andrew Witty, and its board of directors responsible for the cybersecurity breach. Prior to being elevated to the cybersecurity lead, UHG’s head of cybersecurity had not previously worked in a full-time cybersecurity role.

Additionally, on June 5, Senator Wyden wrote a letter to the Department of Health and Human Services (HHS) Secretary Xavier Becerra calling for stronger cybersecurity practices for healthcare companies.

“It is clear that HHS’ current approach to healthcare cybersecurity — self-regulation and voluntary best practices — is woefully inadequate and has left the healthcare system vulnerable to criminals and foreign government hackers. HHS must follow the lead of other federal regulators in mandating cybersecurity best practices necessary to protect the healthcare sector from further, devastating, easily-preventable cyberattacks,” Senator Wyden wrote.