Department of Health and Human Services Deputy Secretary Andrea Palm addressed AHA Annual Membership Meeting attendees about the Administration’s work to improve access to care and increase the number of people with health insurance, as well as the Change Healthcare cyberattack and what cybersecurity looks like in the future.

“We’ve been in a live fire exercise recently and are learning lessons that inform the ways we will move forward,” she said. “These attacks happen — it’s not an if; it’s a when.”

HHS in January released cybersecurity performance goals for the health care sector, and Palm discussed the ways the Administration intends to support hospitals and health systems as they adopt best practices when it comes to protecting patients’ information and hospital networks as a whole. She specifically mentioned supporting rural hospitals, which may not have the resources to reach the goals on their own.

Palm also said that while the worst of the cyberattack on Change Healthcare may be over, HHS will continue to support hospitals and health systems as they recover. “We know the burden is easing, but we will continue to stay connected until everything is 100% operational.”

Palm emphasized that it also presented opportunities to learn, analyze and prepare for the next attack.

“There’s a ton of work for us to continue to do together,” she said. “I am excited to do that work with you and improve the health and well-being of people in this country.”
 

Related News Articles

Headline
Annual premiums for employer-sponsored family health coverage in 2025 increased 6% over last year to $26,993, according to KFF’s annual Employer Health…
Headline
The Cybersecurity and Infrastructure Security Agency Oct. 15 released an emergency directive advising federal agencies to take stock of their F5 BIG-IP…
Headline
In part one of a new blog, John Riggi, AHA national advisor for cybersecurity and risk, and Scott Gee, AHA deputy national advisor for cybersecurity and risk,…
Perspective
Public
This week, the FBI issued an urgent warning to all users — including hospitals — of a critical security soft spot within Oracle’s E-Business Suite, stating “…
Headline
The Health Sector Coordinating Council Oct. 7 released its Sector Mapping and Risk Toolkit, created to help health care providers and other organizations…
AHA Cyber Intel
As of Oct. 3, 2025, 364 hacking incidents had been reported to the U.S. Department of Health and Human Services Office for Civil Rights, affecting over 33…