Change Healthcare CEO Witty apologizes for effects of massive cyberattack

UnitedHealth Group CEO Andrew Witty begins his testimony before the Senate Finance Committee on May 1, 2024. Witty apologized for the effects of the massive cyberattack against the company's entity Change Healthcare this year.

Andrew Witty, CEO of Change Healthcare’s corporate parent, apologized to those affected by the massive cyberattack against the company that hobbled the U.S. health care system for weeks.

“To all those impacted, let me be very clear: I’m deeply, deeply sorry,” said Witty, CEO of UnitedHealth Group, based in Minnetonka, Minnesota.

Witty said he made the decision to pay a ransom to recover stolen data. Committee Chair Sen. Ron Wyden (D-Oregon) said the hack could have been stopped with “cybersecurity 101,” by using multifactor authentication (MFA).

Witty and Wyden spoke this morning in “Hacking America’s Health Care: Assessing the Change Healthcare Cyber Attack and What’s Next,” a hearing by the Senate Finance Committee. Witty is scheduled to testify this afternoon in a hearing on the same issue by the House of Representatives Energy and Commerce Committee.

Change Healthcare’s computer network largely is returning to normal, with core systems up and fully functional, Witty said. The company has “literally built this platform back from scratch,” so its system is safe for providers to reconnect to, he said.