There's no evidence that this attack was due to poor UHG developer quality. It appears to have been an infrastructure security vulnerability in the Change Healthcare business unit, which UHG acquired just last year.
I would bet my life savings UHG developers pleaded with management for years to get the resources they desperately need to resolve these problems, but management ignored every request because it didn't have any external impact.
Management in healthcare tech is comprised entirely by some of the most mind boggling idiots on Earth, whose only qualification might be being an adult, since their ability to read, write, and comprehend information is universally worse than a child. This is without exception, in my experience.
The systems built were designed for a business that evolved, and the assumptions and constraints changed in a way that sometimes requires redoing things. This can be as simple as an assumption about how sales will be acquiring new clients, and how those new clients affect overall system scalability. If there's a long pipeline of feature requests and sales supersedes product managers on roadmaps, doing the necessary work to scale the systems is going to be deprioritized to a point where anything other than downtime is acceptable from a business standpoint. Sales are made on features being built, not on an impending doom that has yet to happen. This extends to other aspects of systems, like security.
No, developers aren't responsible for infrastructure. Most large enterprises have separate specialized positions for sysadmin, networking, storage, firewalls, etc.
UHG developers would be responsible for the infrastructure right? And wouldn't Change have been brought under the UHG network?