Cybersecurity News

The Change Healthcare cyberattack was a significant event that caught many off guard, said the Centers for Medicare & Medicaid Services Administrator Chiquita Brooks-LaSure, reiterating the age

“Even before the recent Change Healthcare cyberattack that has left some hospitals fronting millions of dollars in extra costs, a perfect storm of complex factors was already threatening the future of high-quality patient care — and misguided proposals from policymakers risk making things even worse,” writes Nancy Howell Agee, CEO of Carilion Clinic and chair of the Coalition to Strengthen America’s Healthcare, whose founding members include the AHA.

The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) April 5 released an advisory on the top 10 ransomware groups targeting the health care sector.

The AHA has been made aware of a validated IT help desk social engineering scheme that uses the stolen identity of revenue cycle employees or employees in other sensitive financial roles.

In this second of a two-part conversation, Providence’s Adam Zoller, chief information security officer, and Katie Adams, cybersecurity director of clinical technology services, discuss the potential cyberthreats posed by third-party medical devices, and strategies to keep third-parties open and transparent with organizations.

The Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology March 27 released for comment through May 28 a federal strategic plan for health information technology over the next five years.

In this first of a two-part conversation with experts from Providence, Adam Zoller, chief information security officer, and Katie Adams, cybersecurity director of clinical technology services, discuss the potential cyberthreats posed by third parties and prevention strategies to keep your protected systems secure.

The Department of Health and Human Services’ Administration for Strategic Preparedness and Response and Centers for Medicare & Medicaid Services this week released a guide to health plan resources for health care providers impacted by the Change Healthcare cyberattack, including health plan contact information, noting in an accompanying letter that many providers continue to face significant disruptions as a result of the cyberattack or difficulty getting information from health plans about prospective payments and other flexibilities.

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency March 27 released a proposed rule implementing cyber incident and ransom payment reporting requirements under the Cyber Incident Reporting for Critical Infrastructure Act of 2022, intended to help the agency prevent cyberattacks and deploy assistance to victims.

U.S. and international cybersecurity authorities this week released additional guidance to help health care and other critical infrastructure leaders defend their networks from Volt Typhoon, a People’s Republic of China state-sponsored group that has been pre-positioning itself on U.S. networks to disrupt critical services in the event of increased geopolitical tensions or conflict with the U.S. and its allies. 

Congress should address any statutory constraints that prevent the Centers for Medicare & Medicaid Services and Department of Health and Human Services from adequately helping hospitals and other health care providers impacted by the Change Healthcare cyberattack, AHA said a letter submitted to the House Ways and Means Committee for a hearing March 20 with HHS Secretary Xavier Becerra.

Ninety-four percent of hospitals are experiencing a financial impact from the Change Healthcare cyberattack with more than half reporting “significant or serious” impact, according to results from an AHA survey released today.

The Centers for Medicare & Medicaid Services March 13 released additional information on the Medicare accelerated and advance payments that hospitals, physicians and others impacted by the Change Healthcare cyberattack may apply for through their Medicare Administrative Contractors.

The Department of Health and Human Services’ Office for Civil Rights is initiating an investigation into the Change Healthcare cyberattack, the agency announced March 13in a “Dear Colleague” letter.

Congress should consider any statutory limitations that exist for an adequate response from the Centers for Medicare & Medicaid Services and Department of Health and Human Services to help hospitals and other providers minimize further fallout from the Change Healthcare cyberattack, AHA wrote March 13 in a letter to Senate Finance Committee leaders.

The FBI Internet Crime Complaint Center (IC3) recently reported a record 880,418 internet crime complaints in 2023, including an 18% increase in ransomware complaints to 2,825.

In a letter March 10 to health care providers, the departments of Health and Human Services and Labor called on UnitedHealth Group to expedite payments and provide greater transparency to health care providers impacted by the recent cyberattack on its Change Healthcare unit.

UnitedHealth Group March 7 announced a series of updates on its response to the unprecedented cyberattack against its subsidiary Change Healthcare.

We continue to press Congress, the Administration and UnitedHealth Group to step up their efforts to respond to this unprecedented incident.

The Centers for Medicaid & Medicare Services March 5 announced flexibilities intended to help providers continue to serve patients in the wake of the cyberattack on Change Healthcare.