News

WASHINGTON, D.C. – Today, Congressman Gary Palmer (AL-06), Chairman of the Subcommittee on Oversight and Investigations, led a hearing titled Examining Ways to Enhance Our Critical Mineral Supply Chains . “Producing critical minerals here at home is essential for our economic and national security. We cannot allow the supply chains for critical minerals used in products like AI chips, cell phones, missiles, and fighter jets to be controlled by China, particularly the processing and refining phases of the supply chains,” said Chairman Palmer. “In today’s hearing, our witnesses were clear that Congress must take steps to build an environment enticing for domestic investment—including streamlining the permitting process—to help ensure that critical minerals can be mined, processed, and refined domestically.”  Watch the full hearing here .   Below are key excerpts from today’s hearing: Congressman Troy Balderson (OH-12): “The US has the second longest timeline for a mine to be approved, and we’ve heard anecdotes of projects waiting decades for approval to break ground or begin operations. Why is it that approvals of projects in the U.S., whether it be a mine or a processing, refining, or recycling facility for critical minerals take so long in the U.S?” Mr. Herrgott: “One of the main reasons is lack of coordination amongst the various agencies that are involved in the permitting process. Most mining projects will require a variety of permits. We’ve had member companies that have had mines that require over 90 permits.” Congressman Dan Crenshaw (TX-02): “Critical Minerals are the backbone of a modern economy and a modern military, from semiconductors to advanced weapons systems. Today, the U.S. imports between 50 percent and 82 percent of the critical minerals we need. So where are they coming from? It’s been mentioned plenty of times here – they’re coming from China. That’s not good. Our national security, our national industrial base, our economic future is dependent on supply chains we don’t control and from regimes we cannot trust. And why? Well, mostly because our laws and regulations have made it virtually impossible to open up new mines in this country, and even, even when we do mine, we still have to ship the raw materials overseas just to get them refined because we’ve offshored our processing capabilities.” Congressman Randy Weber (TX-14): “The U.S. once led the world in producing and refining rare earth elements but ceded that position to China in the 1980s. Today, China controls roughly 90 percent of global rare earth processing and has already demonstrated a willingness to restrict exports and thus, as one of you mentioned, affect the market. This leaves the U.S. dangerously exposed. If China were to halt exports entirely, think of that scenario. Where would we turn to secure the materials vital to our energy infrastructure and national security?” Ms. Hunter: “So, a total export ban would be devastating to the U.S. economy. We would need to rely on domestic sources if we can get them online, and then have them be processed into the final products that need to be qualified by manufacturers, and turn to allies as much as possible, countries with which we share national security priorities.” ###

WASHINGTON, D.C.  – Congressman Gary Palmer (AL-06), Chairman of the Subcommittee on Oversight and Investigations, delivered the following opening statement at today’s hearing titled Examining Ways to Enhance Our Critical Mineral Supply Chains . Subcommittee Chairman Palmer's opening statement as prepared for delivery: “Good morning, and welcome to today’s hearing entitled 'Examining Ways to Enhance Our Domestic Mineral Supply Chains.' “Today’s hearing addresses the crucial challenge that the U.S. is facing—how to decouple and derisk ourselves from China and other foreign adversaries and build critical mineral supply chains within the U.S. Our country has been blessed with abundant natural resources and the world-changing technology needed to harness those resources. Unfortunately, however, we have become over reliant on other nations to supply and process critical minerals. Today’s hearing is an opportunity to examine how to increase capacity and resilience in American critical mineral supply chains again. “Critical minerals are used in items we use every day like smart phones, computer hard drives, televisions, batteries, and lightbulbs. They are also used in elements of our electrical grid and have defense applications. “The U.S. used to be the leading producer and refiner of many critical minerals, including rare earth elements. By the late 1990s, however, most of this industry dissolved and moved overseas. According to a review in the United States Geological Survey Mineral Commodity Summaries 2024, the U.S. was 100 percent import reliant for 12 of the 50 critical minerals on the 2022 critical minerals list and more than 50 percent import reliant for an additional 29. “This predicament we find ourselves in is not a new problem, but a problem that has been many years in the making. So how did we get here? It is a combination of things—including burdensome permitting and other regulations, uncertainty in commodity pricing, market manipulation, and an increasingly litigious society. This has made our domestic environment unattractive to investors and companies as a result. For example, getting domestic processing and refining facilities up and running is an extremely long process—it can take 10 to 20 years for new processing plants and smelters to become operational. That is in addition to the lengthy mine development process in the U.S., which is the second-longest mine development timeline in the world. Because of this burdensome red tape, companies are not incentivized to invest domestically, so instead they invest abroad. “Moreover, even when U.S. companies operate mines in the U.S., the hesitancy to invest in domestic processing and refining facilities has put us in a position where our foreign adversaries monopolize other parts of the supply chain. For example, in 2019, one rare earth mine in the U.S. sent 98 percent of its raw materials to China because the U.S. lacked the capacity to process those minerals domestically. As a result, we must import our own product back from China after it is processed, but China’s recent export bans on several rare earth elements critical to the U.S. make this nearly impossible. “I cannot convey the seriousness of this issue enough. This is an economic issue and an issue of national security. We as a nation must ensure that we have access to these materials and the ability to process them without reliance on foreign adversaries, including China. “I want to applaud President Trump for declaring a national energy emergency on day one of his presidency, emphasizing that the U.S.’s identification, production, and refining of critical minerals are inadequate to meet domestic needs. Since then, President Trump has signed several executive orders related to critical minerals—including ordering immediate measures to increase American mineral production. We look forward to working with the Trump Administration on the mission to increase the capacity and resilience of domestic critical mineral supply chains. “I also want to thank our witnesses for joining us today to share their expertise and guide our discussion about the challenges in building domestic critical mineral supply chains and the opportunities we have to improve our domestic supply chains moving forward.” ###

WASHINGTON, D.C. – Today, Congressman Brett Guthrie (KY-02), Chairman of the House Committee on Energy and Commerce, and Congressman Gary Palmer (AL-06), Chairman of the Subcommittee on Oversight and Investigations, announced a hearing titled Examining Ways to Enhance Our Critical Mineral Supply Chains . “Critical minerals are essential to America’s energy independence and our national security. By securing reliable and resilient supply chains for critical minerals, we are strengthening our global competitiveness, boosting domestic production and manufacturing, and reducing our reliance on foreign adversaries,” said Chairmen Guthrie and Palmer. “This hearing will provide us an opportunity to examine vulnerabilities within our current supply chains and explore ways to mitigate those risks.” Subcommittee on Oversight and Investigations hearing titled Examining Ways to Enhance Our Critical Mineral Supply Chains WHAT : Subcommittee on Oversight and Investigations hearing on critical mineral supply chains. DATE : Wednesday, May 21, 2025 TIME: 10:00 AM ET LOCATION : 2123 Rayburn House Office Building This notice is at the direction of the Chairman. The hearing will be open to the public and press and will be livestreamed online at energycommerce.house.gov . If you have any questions concerning this hearing, please contact Calvin Huggins at Calvin.Huggins1@mail.house.gov . If you have any press-related questions, please contact Kaley Stidham at Kaley.Stidham@mail.house.gov . ###

WASHINGTON, D.C. – Yesterday, Congressman Gary Palmer (AL-06), Chairman of the Subcommittee on Oversight and Investigations, led a hearing titled Aging Technology, Emerging Threats: Examining Cybersecurity Vulnerabilities in Legacy Medical Devices .  “The health care sector is one of 16 critical infrastructure sectors in the U.S. and has become a significant target for cyberattacks. To ensure our hospitals are secure and patients safely receive the treatment they need, we must reduce the vulnerabilities found in legacy medical devices,” said Chairman Palmer. “Yesterday’s hearing helped us better understand the risks of these devices and how to navigate them.”   Watch the full hearing here .  Below are key excerpts from yesterday’s hearing :  Congressman Gary Palmer (AL-06): “Are there updated estimates on how many legacy medical devices are currently in-use across the U.S. health care system?” Mr. Decker: “The problem is actually sort of unknown, as far as how many devices exist, especially when we start talking about the concept of what is legacy versus what is non-legacy devices… We can estimate how many devices we think exist. So, if you look inside any typical hospital, you have for any bed 8-15 some devices connected to it. There are stats that show there’s about 913,000 beds in the United States, so extrapolating that, you get to about easily 10,000,000 devices that exist.”   Congressman Brett Guthrie (KY-02): “We’re talking about backdoor medical devices and what that means in the discovery and what vulnerabilities that has and how it’s concerning. So, Mr. Decker and Ms. Jump, how often do we find this type of thing?” Mr. Decker: “Within medical devices, specifically, it’s unknown. You know, there was that report that came out about the Contec Chinese device and in your opening comments, you mentioned there’s two potential opportunities for that to occur. We know that certain nation-state adversaries are prepositioning themselves into critical infrastructure and other critical infrastructure have been targeted for this, so it’s certainly within the realm of possibility that that’s occurring within health care.” Ms. Jump: “I would say that, as a risk management expert, I think that with the increased enforcement of risk management efforts, penetration testing, and threat modeling that FDA has placed on manufacturers, not only for new devices, but also for any devices going in for a significant change of modification, (so older devices do still go through this process) - that manufacturers are being forced to actually look critically at their devices across the whole spectrum - the entire threat landscape of that device. Therefore, I think that we are going to find more and more of these. Certainly, with my clients, we do threat modeling. We do penetration testing. We help those manufacturers find those issues before they become problems and start causing issues within the health care industry.”   Congressman Rus Fulcher (ID-01): “Mr. Garcia, during your verbal testimony, you made a statement that surprised me a little bit and it was that the medical device security in the medical industry, if I understood you correctly, was the most targeted for cyberattacks. Did I get that right?” Mr. Garcia: “The entire health care ecosystem, not just medical devices.” Mr. Fulcher: “Okay, so why health care? I mean, we hear about the banking, right? And power grids. What is it about the health care industry that creates that target?” Mr. Garcia: “Yeah, I came from financial services before this and, at that time 15 years ago, banking was the biggest target because that’s where the money is. But then they started outspending the criminals. The problem with health care is, first off, it is a widely distributed, multifaceted ecosystem that has a lot of touch points, a lot of vulnerabilities. Secondly, there is less money to spend against cyber threats. And thirdly, it’s easy money. When you have a ransomware attack, if you are a hacker and you ransom a hospital, you are forcing the decision on the hospital: should I pay the ransom and continue to treat patients or should I not and run the risk of not treating patients and/or going out of business. That’s why.”   ###

WASHINGTON, D.C.  – Congressman Gary Palmer (AL-06), Chairman of the Subcommittee on Oversight & Investigations, delivered the following opening statement at today’s hearing titled  Aging Technology, Emerging Threats: Examining Cybersecurity Vulnerabilities In Legacy Medical Devices. Subcommittee Chairman Palmer's opening statement as prepared for delivery: “Good morning, and welcome to today’s hearing entitled 'Aging Technology, Emerging Threats: Examining Cybersecurity Vulnerabilities in Legacy Medical Devices.' “Legacy medical devices are medical devices that cannot be reasonably protected against current cybersecurity threats. In some instances, these are older devices that were made before existing cybersecurity requirements were established, but they can also be newer devices that have outdated software and lack the necessary cybersecurity protections required to defend against current threats.  “There is a broad range of medical devices that can be vulnerable to cybersecurity threats, but examples include patient monitors, infusion pumps, and imaging systems. With over 6,000 hospitals in the U.S., each housing a range of rooms and beds and an average of 10 to 15 connected devices per bed, it is clear how integral medical devices are to delivering health care in the U.S. “One challenge with these devices is that the hardware can last 10 to 30 years, but the software becomes obsolete much sooner. Patching and updating software are common ways to address cybersecurity vulnerabilities, but it is unlikely that such vulnerabilities can be sufficiently mitigated through these approaches due to outdated technology and compatibility issues.  “Moreover, merely replacing devices comes with financial and logistical challenges which leads many hospitals to retain these legacy medical devices well beyond their life expectancies – often without the software support to handle modern cybersecurity risks. This is particularly true in small, rural, or under-resourced facilities, making it crucial to find practical solutions. “It is also important to recognize that the health care sector is one of 16 critical infrastructure sectors in the U.S., and it has become a significant target for cyberattacks. For example, in 2017, the global WannaCry ransomware attack severely impacted the health care sector. In the U.S., medical device manufacturers rushed to patch affected devices after WannaCry showed that malware could jump from PCs to embedded medical devices. This attack demonstrated how unpatched, older Windows-based systems in medical devices can be immobilized by ransomware. “Additionally, the risk of harm to patients is a big concern because if a medical device’s vulnerability is exploited, the ability for a device to help monitor, diagnose, or treat a patient can be compromised.  “There are also national security concerns. On January 30th, the Cybersecurity and Infrastructure Security Agency and the Food and Drug Administration (FDA) released an alert about a Chinese-made patient monitor that had a hidden backdoor that could enable remote control and data exfiltration. While the vulnerability may have been unintentional, it raised concerns and highlighted the risk of nation-state actors pre-positioning destructive malware in our health care sector as part of a potential, large-scale cyberattack to disrupt one of our nation’s critical infrastructure sectors. “Progress was made to address legacy medical device issues in 2022, with the enactment of the PATCH Act which increased FDA's authority over medical device cybersecurity. The law now requires manufacturers to submit cybersecurity plans for new devices. Legacy medical devices that were on the market before this law took effect, however, still pose a significant risk. “Therefore, addressing cybersecurity threats in legacy medical devices is critical. Fortunately, thanks to the ongoing work of the experts represented by our witnesses today, we have valuable partnerships and coordinated efforts to help address these risks and threats. “I thank our witnesses for joining us today and sharing their expertise to guide the efforts in addressing these challenges, and I look forward to their testimony.  “I now recognize the Ranking Member of the Subcommittee, Ms. Clarke, for her opening statement.” ###

WASHINGTON, D.C. – Today, Congressman Brett Guthrie (KY-02), Chairman of the House Committee on Energy and Commerce, and Congressman Gary Palmer (AL-06), Chairman of the Subcommittee on Oversight and Investigations, announced a hearing titled Aging Technology, Emerging Threats: Examining Cybersecurity Vulnerabilities in Legacy Medical Devices .  “Medical devices are critically important and broadly used to diagnose, monitor, and treat patients throughout health care delivery systems. Some medical devices, however, contain cybersecurity vulnerabilities. It is imperative we defend against cyber threats to protect patients and safeguard our national security,” said Chairmen Guthrie and Palmer. “This hearing will provide us with an opportunity to examine concerns regarding vulnerabilities in legacy medical devices, their impact on patient safety and health operations, and strategies to enhance cyber resilience.”    Subcommittee on Oversight and Investigations hearing titled Aging Technology, Emerging Threats: Examining Cybersecurity Vulnerabilities in Legacy Medical Devices     WHAT : Subcommittee on Oversight and Investigations hearing on cybersecurity vulnerabilities in legacy medical devices. DATE : Tuesday, April 1, 2025 TIME : 10:30 AM ET LOCATION : 2322 Rayburn House Office Building This notice is at the direction of the Chairman. The hearing will be open to the public and press and will be livestreamed online at energycommerce.house.gov . If you have any questions concerning this hearing, please contact Emma Schultheis at Emma.Schultheis@mail.house.gov . If you have any press-related questions, please contact Kaley Stidham at Kaley.Stidham@mail.house.gov .   ###

WASHINGTON, D.C.  – Congressman Gary Palmer (AL-06), Chairman of the Subcommittee on Oversight and Investigations, delivered the following opening statement at today’s hearing titled  Examining The Biden Administration’s Energy And Environment Spending Push . Subcommittee Chairman Palmer's opening statement as prepared for delivery: “Welcome to the first hearing of the Subcommittee on Oversight and Investigations of the 119th Congress. I want to start by saying that it is an honor to serve as the Chairman of this Subcommittee. Congress has an important oversight responsibility that includes making sure our laws are working as intended and that the federal government is using taxpayer dollars responsibly. I look forward to working with my colleagues on both sides of the aisle on this important endeavor.    “Today’s hearing is entitled 'Examining the Biden Administration’s Energy and Environment Spending Push.' Moments ago I noted the importance of ensuring that the federal government is being a good steward of taxpayer dollars. This is critical, particularly in the context of the extraordinary surge in spending and the explosion of new and expanded programs at the Department of Energy (or DOE) and the Environmental Protection Agency (or EPA), largely authorized and funded by the Infrastructure Investment and Jobs Act (or IIJA) and the Inflation Reduction Act (or IRA). The two laws provided supplemental appropriations of $97 billion and $101.5 billion to DOE and EPA, respectively.  “As this Subcommittee examined last Congress, spending large amounts of funding, particularly in short timeframes carries tremendous risk. For example, in a November 2024 report, the DOE Office of the Inspector General (OIG) noted that the IIJA, IRA, and 2023 Omnibus Appropriations law increased the DOE Loan Program Office’s authority to nearly half a trillion dollars. This is more than 23 times that of the program’s portfolio balance as of November 2021, when the IIJA was signed into law.  “The situation only became more alarming as the Biden administration raced to finalize loans and spend down available grant funding in its final months. All three watchdog organizations here today, the EPA OIG, DOE OIG, and the Government Accountability Office (GAO), have reported on past shortcomings within these agencies and risk factors for waste, fraud, and abuse. These risks increased under past infusions of funding as agencies rushed to move large amounts of funding in a short amount of time.  “Unfortunately, history seems to be repeating itself, but we have a chance to try to minimize the damage. I want to emphasize that we are not insinuating that all applicants and recipients are guilty of wrongdoing. Rather, the sheer pace and volume with which this funding was awarded raises questions, and it is worth a pause to evaluate whether the appropriate due diligence was done to ensure taxpayer dollars went to eligible parties and the funds are being used appropriately.  “I thank our witnesses for being here and sharing their expertise to guide and inform the Committee’s efforts to identify potential misuse of federal funds and ensure that appropriate measures are taken moving forward to prevent future misuse of funds. This hearing is only one step of many to ensure that wasteful spending is curbed, and we hope to continue our collaboration with the OIGs, GAO, and the current administration to address this issue.  “I now recognize the Ranking Member of the Subcommittee, Ms. Clarke, for her opening statement.” ###

WASHINGTON, D.C.  – Today, Congressman Brett Guthrie (KY-02), Chairman of the House Committee on Energy and Commerce, and Congressman Gary Palmer (AL-06), Chairman of the Subcommittee on Oversight & Investigations, announced the first hearing of the 119th Congress for the Subcommittee on Oversight & Investigations titled  Examining the Biden Administration’s Energy and Environment Spending Push .  “In its final months, the Biden-Harris Administration handed out billions of dollars in energy and environment grants and loans at an unprecedented pace, exacerbating concerns that appropriate vetting and due diligence reviews may not have occurred for some of these awards,”  said Chairmen Guthrie and Palmer.   “This hearing will provide an opportunity for the Committee to examine this surge in spending and help identify potential misuse of federal funds.”    Subcommittee on Oversight and Investigations hearing titled  Examining the Biden Administration’s Energy and Environment Spending Push .  WHAT: Subcommittee on Oversight and Investigations hearing examining Biden-Harris Administration energy and environment spending. DATE: Wednesday, February 26, 2025     TIME: 10:30 AM ET  LOCATION: 2322 Rayburn House Office Building  This notice is at the direction of the Chairman. The hearing will be open to the public and press and will be livestreamed online at energycommerce.house.gov . If you have any questions concerning this hearing, please contact Calvin Huggins at Calvin.Huggins1@mail.house.gov . If you have any press-related questions, please contact Zach Bannon at Zach.Bannon@mail.house.gov .  ###

Americans deserve to have their sensitive health information protected. Energy and Commerce Republicans have been actively working since the February 21st cyberattack on Change Healthcare to understand how it happened, how it can be prevented in the future, and how to help Americans continue to access care.  THE PROBLEM Change Healthcare is one of the largest health payment processing companies in the world. It acts as a clearing house for 15 billion medical claims each year—accounting for nearly 40 percent of all claims. The cyberattack that occurred in February knocked Change Healthcare—a subsidiary of the behemoth global health company UnitedHealth—offline, which created a backlog of unpaid claims. This has left doctors’ offices and hospitals with serious cashflow problems—threatening patients’ access to care. It has since come to light that millions of Americans may have had their sensitive health information leaked onto the dark web, despite UnitedHealth paying a ransom to the cyber attackers. E&C ACTION From the outset, Members on Energy and Commerce have been working with the administration and Change Healthcare to help providers—particularly smaller and rural practices—maneuver through the new, complicated process of getting reimbursed, so they could keep their doors open and focus on caring for patients. Energy and Commerce Republicans were briefed by the Administration for Strategic Preparedness and Response, the Centers for Medicare and Medicaid Services, and Change Healthcare in the weeks following the attack. Following the briefings, bipartisan Energy and Commerce leaders wrote to UnitedHealth seeking answers about the attack. The Subcommittee on Health convened a hearing on May 17th to explore cybersecurity vulnerabilities in the health care sector and discuss possible solutions to address them. This week, the Oversight and Investigations Subcommittee called UnitedHealth CEO Sir Andrew Witty to explain to the American people what happened in the lead up to and during the attack, how the company is responding, and how it plans to prevent such an attack from happening again. WHAT WE LEARNED 1. The attack occurred because UnitedHealth wasn’t using multifactor authentication [MFA], which is an industry standard practice, to secure one of their most critical systems.  Mr. Witty:   We're continuing to investigate as to exactly why MFA was not on that particular service. It clearly was not. I can tell you I'm as frustrated as you are about having discovered that and as we've gone back and figured out how this situation occurred.    Change Healthcare came into the organization toward the end of 2022 after the timing of the declarations you just described.    Change Healthcare was a relatively older company with older technologies, which we had been working to upgrade since the acquisition. For some reason, which we continue to investigate, this particular server did not have MFA on it.   2. It’s estimated that a third of Americans had their sensitive health information leaked to the dark web as a result of the attack.  Oversight Subcommittee Chair Morgan Griffith: "Substantial proportion of the American population." What does that mean? How much are we talking? 20 percent? We talking 50 percent? We're talking 70? Tell us.   Mt. Witty:   Chairman, we continue to investigate the amount of data involved here. We do think it's going to be substantial. Because we haven't completed the process, I'm hesitant to be overly precise on that and and be wrong in the future. I wouldn't like to mislead anybody in that regard.   Chair Griffith:   Well, and I wouldn't want you to mislead us either. But when you say "substantially," at least give me some kind of a range. You can be on the bottom to high. I don't mind giving you a range. Are we talking 20 to 50?   Mr. Witty:   I think maybe a third or somewhere of that level.   3. This might not be the end of the leaks. Despite UnitedHealth paying a ransom to the criminals, it cannot guarantee that more of Americans’ sensitive information will not be leaked.  Chair Cathy McMorris Rodgers:   How were the hackers communicating with UnitedHealth to get the ransom? Did you communicate ever directly with the hackers?   Mt. Witty:   I did not. No. Chair Rodgers:   How much did you pay in ransom? And how was it paid it? In dollars? Bitcoin or other cryptocurrency?   Mr. Witty:   $22 million in Bitcoin.  Chair Rodgers:   What was the date that you paid the ransom?   Mr. Witty:   I'm sorry. I don't have that to mind. But I can certainly get back to you with that.   Chair Rodgers:   Can you affirmatively say that the hackers you paid did not make copies of protected or personal data and then, at a later date, uphold it onto the internet or the dark web.   Mr. Witty:   I cannot affirmatively say that. No. 4. UnitedHealth has resources to help individuals and providers.  Dr. Burgess:   Is there a generally available website or telephone number that a practice can call right now, if they're continuing to have a problem?  Mr. Witty: Yes. And thank you very much for the question. So [ https://support.changehealthcare.com/ ] is the best website for anybody to access, whether it being a provider or an individual.    But, also I would very much like to note the 1-800 number that's available for individuals to call if they have any questions at all about data or anything like that.    So, it's 1 (866) 262-5342. That service line is available and makes available very quickly is a very simple process. If anybody wants things like credit protection, identity theft protection, those services are all available to be enrolled on just through a simple phone call.   CLICK HERE to watch the full hearing. Check out some of the news coverage from the hearing: UnitedHealth’s handling of the situation will probably be “a case study in crisis mismanagement for decades to come,” said Rep. Cathy McMorris Rodgers (R-Wash.), chair of the House Energy and Commerce Committee.  Witty fielded heated questions from Senators on the House Energy and Commerce Committee about the company's failure to prevent the breach and contain its fallout.  Pressed for details on the data compromised, Witty said "maybe a third" of Americans' protected health information and personally identifiable information was stolen.  Members of the House Energy and Commerce Committee asked Witty why the nation's largest health care insurer did not have the basic cybersecurity safeguard in place before the attack. "Change Healthcare was a relatively older company with older technologies, which we had been working to upgrade since the acquisition," Witty said. "But for some reason, which we continue to investigate, this particular server did not have MFA on it."  Rep. Gary Palmer (R., Ala.), in an afternoon hearing held by the House Energy and Commerce Committee’s subcommittee on Oversight and Investigations, pressed Witty on how many government employees with security clearance were included in the breach. That kind of theft would be a national-security risk, he said.  Still, Rep. Earl L. “Buddy” Carter, R-Ga., railed against the company’s use of vertical integration, in which it has acquired physician practices, pharmacy benefit managers and other players in the health care system. “Let me assure you that I’m going to continue to work to bust this up,” Carter said.“This vertical integration that exists in health care in general has got to end.”  Several members also took the opportunity to chide United Healthcare’s use of prior authorization, which Witty said resumed for its Medicare Advantage plans April 15.   The company should “carefully review how that prior authorization” has affected patient outcomes, said Rep. John Joyce, R-Pa.