Senators Seek Answers About Data Security at United Health Group
United Health Group has shown a “repeated pattern” of failing to secure cyber systems after acquiring companies, Sens. Bill Cassidy, R-La., and Maggie Hassan, D-N.H., said in a letter to the company Monday.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
The letter to CEO Stephen Hemsley focuses on the recently reported hack against Episource, a United subsidiary, and UHG’s failure to implement basic security standards like multifactor authentication and a lack of investment in older systems.
The letter asks for information about how the company discovered the attack, its steps in notifying federal regulators, what data was compromised and what led to an attack against subsidiary Change Healthcare last year, where 190 million Americans' health information was exposed.
UHG said in a statement Tuesday: “We are in receipt of the Senators letter and look forward to providing them the information they requested. On February 6, 2025, Episource discovered that a cyber event occurred within its platform, and we took immediate steps to mitigate the risk and report the matter to law enforcement and customers. The incident was isolated to the Episource environment.”