Virginia Foxx - Chairwoman of the Education and the Workforce committee | Official U.S. House headshot
Virginia Foxx - Chairwoman of the Education and the Workforce committee | Official U.S. House headshot
Education and the Workforce Committee Chairwoman Virginia Foxx (R-NC) has submitted a letter to Acting Secretary of Labor Julie Su, seeking further information about the cybersecurity measures of the Employee Benefits Security Administration (EBSA). This follows a cybersecurity breach at Optum’s Change Healthcare unit, which highlighted the risk cybercriminals pose to EBSA's ability to safeguard workers' data and employer-sponsored health insurance plans.
In her letter, Foxx states: “On February 21, 2024, Optum, a subsidiary of United Health Group (UHG), reported that its Change Healthcare business unit experienced a cyber security issue and that it was working to address the problem. By February 29, Change Healthcare confirmed that it was the victim of a cyberattack by a cybercrime actor."
The Committee on Education and the Workforce oversees health care benefits provided by private employers. Given this recent attack, the Committee is concerned about the threats posed by cybercriminals and how EBSA is addressing these risks for itself and for employer-sponsored benefit plans.
Foxx elaborates: “The Change Healthcare hack immediately affected workers’ and their families’ access to health care. Prescriptions could not be filled. Health care claims and payments were halted. Pharmacies, military hospitals, and clinics attempted workarounds to mitigate disruptions."
Moreover, she adds that "Change Healthcare’s backlog of medical claims resulting from the cyberattack has not been resolved... Nearly 153 million people rely on employer-sponsored health insurance benefits. This attack is emblematic of the threats that service providers in the employer-sponsored health market face.”
In conclusion, Foxx requests additional information on various aspects related to EBSA's cybersecurity investigations since February 2021; its methodologies; any findings from these investigations; whether EBSA has uncovered any theft from any Employee Retirement Income Security Act plan; what steps EBSA is taking to protect its own systems; whether EBSA has ever been compromised by cybercriminals; and if EBSA is considering updating its 2021 cybersecurity guidance.
The full letter can be accessed here.
Alerts Sign-up