March 08, 2024

Wyden Statement on the United Health Group Hack

Washington, D.C. — U.S. Senator Ron Wyden, D-Ore., today issued the following statement on the hack of United Health Group:

"A hack of this magnitude is inexcusable and every American who is impacted has a right to be outraged. It is completely unacceptable that neither United Health Group, nor federal agencies were prepared for the fallout despite years of evidence that the health care sector is a prime target for criminal hackers."

"There’s no shortage of blame to go around. United Health Group botched basic cybersecurity practices by allowing a single hack to create chaos across the nation’s health care system and should be held accountable. At the same time, federal regulators have been asleep at the wheel on cybersecurity."

"HHS needs to set tough, mandatory cybersecurity standards for the health care industry. Health care providers and technology vendors need to be regularly audited to ensure they are securing patient data, and noncompliant companies should be held accountable to the full extent of the law. These breaches, which result from lax cybersecurity practices, harm patients, our healthcare system and U.S. national security. Regulators must prevent companies in critical infrastructure sectors like health care from growing so large that they pose a systemic risk, as occurred here."

"I’m also investigating whether additional legislation is needed to bolster security in the health care sector, including increasing financial penalties and holding company executives liable for failing cybersecurity 101. Finally, I appreciate HHS looking to shore up providers who are cut off from their cash flow due to this attack."