Lawmakers question whether healthcare giant is 'too big to fail'
UnitedHealth Group Inc.'s dominance in the U.S. healthcare industry was in the spotlight on Capitol Hill Wednesday, as the healthcare giant's CEO faced two Congressional hearings about the cyberattack that targeted the company's Change Healthcare unit.
The attack on the major healthcare-claims clearinghouse, widely considered the biggest cybersecurity disruption to healthcare in U.S. history, has intensified scrutiny of UnitedHealth's size and influence in the healthcare industry. The company runs a large health insurer and pharmacy-benefits manager, owns outpatient facilities and employs physicians, among other operations.
"This corporation is a healthcare leviathan," Senate Finance Committee chair Sen. Ron Wyden, Democrat from Oregon, said at a hearing with UnitedHealth Chief Executive Andrew Witty Wednesday morning. The hack, he said, is "a dire warning about the consequences of too-big-to-fail mega-corporations gobbling up larger and larger shares of the healthcare system."
The full repercussions of the cyberattack, which disrupted care providers' ability to file claims and get paid for their services and put patients' personal data at risk, still aren't fully understood. UnitedHealth is "working to understand the full scope of impacted patient, provider and payer information," Witty said in testimony prepared for the House Energy and Commerce Committee's Oversight and Investigations subcommittee hearing on the hack, which is scheduled for Wednesday afternoon.
UnitedHealth has said that its ownership of Change Healthcare actually may have helped to limit the fallout from the attack. If UnitedHealth didn't own the insurance-claims processor, "this attack would likely still have happened and it would have left Change Healthcare, I think, extremely challenged to come back," Witty said during the company's April 16 earnings call.
The healthcare giant is providing free credit monitoring and identity theft protection for two years and has advanced more than $6.5 billion in accelerated payments and no-interest loans to affected providers, Witty said in his prepared statement.
The U.S. Department of Justice in 2022 sued to block UnitedHealth from acquiring Change Healthcare, saying the deal would hurt competition and innovation, but a federal judge ruled that the transaction could move forward. At the time, the lawsuit was filed, principal deputy assistant attorney general Doha Mekki said in a statement that the transaction would give UnitedHealth "control of a critical data highway through which about half of all Americans' health insurance claims pass each year."
The hackers first gained entry to the Change Healthcare systems through a portal that was not protected by multi-factor authentication, Witty told the Senate Finance Committee Wednesday morning.
"This hack could have been stopped with cybersecurity 101," Wyden said, referring to multi-factor authentication. All of UnitedHealth's external-facing systems now have multi-factor authentication, Witty said.
Some lawmakers sought to link UnitedHealth's size with the cyberattack's broad impact. "Yes, you have the deep pockets by which to address this, but the very fact that you're so big means it had a wide-ranging ripple effect that was outsized," Sen. Bill Cassidy, a Louisiana Republican, said during the Senate Finance hearing Wednesday. "Is the dominant role of United too dominant, because it's into everything, and messing up United messes up everybody?" Cassidy asked.
Witty told the committee that Change Healthcare's footprint and activity was the same on the day of the attack as it was before it was acquired by UnitedHealth. As for whether UnitedHealth is "too big to fail," Witty said, "I don't believe it is," noting that despite its size the company has no U.S. hospitals or drugmakers.
The company's size also poses other risks for patients and providers, some lawmakers said. "Because UnitedHealth has bought up every link in the healthcare chain, you're now in a position to jack up prices," Sen. Elizabeth Warren, a Massachusetts Democrat, said at the hearing, calling the company "a monopoly on steroids." Warren pointed to a February report by the Wall Street Journal that the Department of Justice has launched an antitrust investigation into UnitedHealth.
"We have a longstanding practice of not commenting on matters such as that," Witty said of the reported investigation Wednesday.
Cybersecurity vulnerabilities could play into the Federal Trade Commission's reviews of prospective deals, chair Lina Khan said last week during a discussion with reporters hosted by health-policy research nonprofit KFF, noting new merger guidelines that the agency published last year. "If we think a merger could substantially lessen competition in ways that could eliminate the incentive to continue investing in data security or otherwise create some of these consolidation risks, that could definitely be part of our analysis," Khan said.
UnitedHealth shares (UNH) gained 0.5% Wednesday morning and have dropped 7.6% in the year to date, while the S&P 500 is up 5.2%.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.