UnitedHealth Group faced significant scrutiny during Senate and House hearings following a cyberattack on its subsidiary, Change Healthcare. The attack, which occurred in February, involved hackers exploiting a server that lacked multi-factor authentication (MFA), resulting in the theft of sensitive data, including U.S. military personnel information. UnitedHealth CEO Andrew Witty, who testified in the hearings, revealed that the company paid a $22 million ransom to the hackers and that the hackers had access to the network for nine days before the attack was detected. Witty also confirmed that all external facing systems now have MFA enabled. The hearings highlighted concerns about the company's size and its impact on the U.S. healthcare system, with some suggesting that UnitedHealth's dominance could pose a risk.