March 05, 2024

Gallego Calls on Administration to Help Arizona Patients, Providers Impacted by Ongoing UnitedHealth Cyber Attack

This is the second letter Rep. Gallego has sent regarding the recent cyber attack against UnitedHeath Group subsidiary Change Healthcare

WASHINGTON – Today, Rep. Ruben Gallego (AZ-03) called on Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly and Department of Health and Human Services (HHS) Secretary Xavier Becerra to provide relief for pharmacies, providers, hospitals, and patients impacted by the recent cyber-attack on UnitedHealth.

“I have heard firsthand the impacts of this shutdown on Arizona’s health care community, including pharmacies, providers, hospitals, and patients,” Rep. Gallego writes. “Pharmacies, for example, have been unable to offer cost-sharing to patients. This has forced patients to pay full price for medications at the point of sale and then file directly with the insurance company for reimbursement, a confusing and time-consuming process for families, seniors, and Arizonans with disabilities.”

And it’s not just pharmacies that are impacted. As Rep. Gallego writes, “Hospitals and providers are also hurting, and some offices may be forced to close permanently. Private providers and health care systems already face significant operational overhead, and the loss of revenue and administrative burden faced by business owners who are operating at slim margins are not sustainable.”

In addition to calling on CISA and HHS to use all available resources and authorities to provide relief, Rep. Gallego requested answers to the following questions:

  1. When was CISA first informed of the vulnerability in the Connectwise application?
  2. To the best of your knowledge, was this vulnerability communicated to UnitedHealth or Optum, or did UnitedHealth request technical assistance to respond to the vulnerability?
  3. When were both CISA and HHS made aware of both breaches of Change Healthcare’s systems? Was this before or after the system shutdown?
  4. What support has been offered to impacted entities, including providers, pharmacies, and hospital systems? Has any guidance been made available or distributed? Have any resources or administrative support been offered to alleviate the burden on the health care sector?

This letter comes a week after Rep. Gallego wrote to UnitedHealth Group CEO Andrew Witty demanding answers regarding the recent cyber-attack and expressing concern about the two-day window between when UnitedHealth’s subsidiary was first made aware of the critical vulnerability and when that vulnerability was exploited.

Full text of the letter can be found HERE.