On May 1, 2024, the U.S. Senate Committee on Finance held a hearing entitled, Hacking America’s Health Care: Assessing the Change Healthcare Cyber Attack and What’s Next. Additionally, the U.S. House Committee on Energy and Commerce (E&C) Oversight and Investigations Subcommittee held a hearing entitled, Examining the Change Healthcare Cyberattack. The sole witness for both hearings was Andrew Witty, Chief Executive Officer of UnitedHealth Group (UHG). During both hearings, members from both parties expressed numerous concerns about the cyberattack and UHG’s subsequent response. Members voiced concerns that Change Healthcare has not: (1) implemented standard cybersecurity practices, (2) placed any redundancy in their operations, (3) notified affected individuals, (4) provided concrete information on the scale and magnitude of exposed patient data, and (5) provided adequate timelines on when disruptions due to the cyberattack will be fully resolved. Members also expressed concerns about the impact of the attack on patients and providers, citing reports of patients paying substantial out-of-pocket costs for prescription drugs and providers being forced to furlough staff due to cash flow constraints. E&C Subcommittee Members also noted that UHG’s temporary assistance for providers, including no-interest loans, is inadequate to address the widespread harm caused by the attack. 
 
More information about the Senate hearing is available here. More information about the House hearing is available here.
 
Impact on General Dentistry: The Change Healthcare cyberattack disrupted claims and reimbursement systems for providers across the country. Many dental offices are small businesses, and this cyberattack caused widespread harm and cash flow issues for the industry. These hearings are an important step toward understanding how the attack happened, the extent of harm it caused, and how to prevent or mitigate future cyberattacks.