UnitedHealth’s problems are not a threat to the broader economy, the largest US health insurer’s CEO told a Senate panel on Wednesday after senators questioned whether the company’s size could pose a systemic threat.
Senators grilled Andrew Witty during the first of two scheduled testimonies in front of Congressional panels on the recent cyberattack on UnitedHealth’s technology unit that impacted almost all patients and providers.
“Your company let the country down,” Senate Finance Committee Chairman Ron Wyden told Witty.
UnitedHealth is one of the biggest companies in the United States, with a market capitalization of $445 billion and annual revenue of $372 billion. Senators said during the hearing it was the 11th largest company in the world.
“The very fact that you are so big means it (the hack) had a wide-ranging ripple effect that was outsized,” Senator Bill Cassidy said, adding that senators on the committee “would have to ask, is the dominant role of United too dominant because it is into everything and messing up United messes up everybody?”
“My point is, the size of United becomes a it’s almost a too big to fail and sure, because if it fails, it’s going to bring down far more than it ordinarily would,” Cassidy said.
Witty said in response, “I don’t believe it is because actually despite our size, for example, we have no hospitals in America, we do not own any drug manufacturers.”
The widespread impact of the hack was the result of UnitedHealth’s domination. The Change unit at the heart of the hack processes about 50% of medical claims in the US for around 900,000 physicians, 33,000 pharmacies, 5,500 hospitals and 600 laboratories.
Members of the US military had their data stolen in the hack, Witty told the committee.
“We do believe there will be members of the armed forces” caught up in the hack, Witty said, adding it would take longer than a week to find out the many were affected.
The company paid the hackers a $22 million ransom, he said.
“I believe the bigger the company, the bigger the responsibility to protect its systems from hackers. UHG was a big target long before it was hacked,” Wyden said in opening remarks, adding that the hack was a national security threat.
Health and personal data of a “substantial proportion” of Americans were stolen, UnitedHealth said last week.
“UnitedHealth Group has not revealed how many patients’ private medical records were stolen, how many providers went without reimbursement, and how many seniors are unable to pick up their prescriptions as a result of the hack,” said Wyden.
Hackers breached UnitedHealth’s tech unit on Feb. 12 by using stolen login credentials that gave them remote access to its network, Witty told the committee. He is scheduled to testify in front of the House Energy Subcommittee on Oversight and Investigations later in the afternoon.
The hack caused widespread disruption in payment to doctors and health facilities.
In letters to both congressional committees, the American Hospital Association said an internally survey of its members found that 94% of hospitals reported damage to cash flow and more than half reported “significant or serious” financial damage due to Change’s inability to process claims.