EPISODE · May 28, 2026 · 8 MIN
How the UnitedHealth Board Missed the Cyber Crisis
from Boardroom Conversations with Fexingo: CEOs, Strategy, and Corporate Leadership Explained · host Fexingo
In February 2024, a ransomware attack on UnitedHealth's Change Healthcare subsidiary froze prescription processing and provider payments across the US healthcare system for weeks. The breach ultimately cost the company over $1.6 billion in direct expenses and exposed critical gaps in board-level cyber oversight. This episode examines how UnitedHealth's board — stacked with financial and operational expertise but thin on deep cybersecurity experience — failed to anticipate a threat that had been flagged by regulators years earlier. We walk through the timeline: the 2021 warning from the Cybersecurity and Infrastructure Security Agency about healthcare sector vulnerabilities, the 2022 board risk report that buried cyber risk under 'operational risk', and the post-incident admission that directors had not held a standalone cyber briefing in the eighteen months prior. We also look at what the board changed afterward: appointing a dedicated cyber committee, hiring a former national security official as an independent director, and restructuring executive compensation to include a cybersecurity metric. The episode offers a concrete case study in how board composition can directly determine crisis preparedness — and why 'we have a good IT team' is not a governance strategy. #UnitedHealth #ChangeHealthcare #BoardOversight #CyberSecurity #CorporateGovernance #Ransomware #Healthcare #RiskManagement #BoardComposition #CISA #CrisisManagement #CyberAttack #Strategy #BusinessPodcast #BoardroomConversations #FexingoBusiness #CorporateLeadership #GovernanceFailure Keep every episode free: buymeacoffee.com/fexingo
What this episode covers
In February 2024, a ransomware attack on UnitedHealth's Change Healthcare subsidiary froze prescription processing and provider payments across the US healthcare system for weeks. The breach ultimately cost the company over $1.6 billion in direct expenses and exposed critical gaps in board-level cyber oversight. This episode examines how UnitedHealth's board — stacked with financial and operational expertise but thin on deep cybersecurity experience — failed to anticipate a threat that had been flagged by regulators years earlier. We walk through the timeline: the 2021 warning from the Cybersecurity and Infrastructure Security Agency about healthcare sector vulnerabilities, the 2022 board risk report that buried cyber risk under 'operational risk', and the post-incident admission that directors had not held a standalone cyber briefing in the eighteen months prior. We also look at what the board changed afterward: appointing a dedicated cyber committee, hiring a former national security official as an independent director, and restructuring executive compensation to include a cybersecurity metric. The episode offers a concrete case study in how board composition can directly determine crisis preparedness — and why 'we have a good IT team' is not a governance strategy. #UnitedHealth #ChangeHealthcare #BoardOversight #CyberSecurity #CorporateGovernance #Ransomware #Healthcare #RiskManagement #BoardComposition #CISA #CrisisManagement #CyberAttack #Strategy #BusinessPodcast #BoardroomConversations #FexingoBusiness #CorporateLeadership #GovernanceFailure Keep every episode free: buymeacoffee.com/fexingo
NOW PLAYING
How the UnitedHealth Board Missed the Cyber Crisis
No transcript for this episode yet
Similar Episodes
Mar 26, 2026 ·1m
Mar 19, 2026 ·34m
Feb 18, 2026 ·11m
Feb 11, 2026 ·45m