AHA urges Congress to reject cybersecurity proposal in HHS budget request

Apr 17, 2024 - 02:24 PM
cybersecurity-hand-lock-graphic_900x400

In a statement submitted to the House Energy and Commerce Health Subcommittee for a hearing April 17 on President Biden’s fiscal year 2025 Health and Human Services’ budget request, AHA expressed concern about proposed new penalties for hospitals and health systems that do not meet what the Administration defines as essential cybersecurity practices. Inpatient prospective payment system hospitals failing to meet these standards would face penalties of up to 100% of the annual market basket increase beginning in FY 2029 and potential additional penalties of up to 1% off the base payment beginning in FY 2031. Critical access hospitals that fail to adopt the practices would incur a payment reduction of up to 1%, with their total penalty capped.

“The now well-documented source of cybersecurity risk in the health care sector, including the Change Healthcare cyberattack, is from vulnerabilities in third-party technology, not hospitals’ primary systems,” AHA wrote. “No organization, including federal agencies, is or can be immune from cyberattacks. Imposing fines or cutting Medicare payments would diminish hospital resources needed to combat cybercrime and would be counterproductive to our shared goal of preventing cyberattacks. To make meaningful progress in the war on cybercrime, Congress and the Administration should focus on the entire health care sector and not just hospitals. Furthermore, for any defensive strategy imposed on the health care sector, Congress should call on federal agencies to protect hospitals and health systems — and the patients they care for — by deploying a strong and sustained offensive cyber strategy to combat this ongoing and unresolved national security threat.”

Related News Articles

Headline
Advisory details shifting tactics of Chinese cyber actors using covert networks for malicious activity
A joint advisory released April 23 from U.S. and international cybersecurity agencies, including the Cybersecurity and Infrastructure Security Agency, FBI,…
Headline
FBI Co-deputy Director Andrew Bailey discusses current cyber and physical threats, rise of AI
FBI Co-deputy Director Andrew Bailey discussed a rise in cyber and physical threats impacting health care. He discussed health care as the top critical…
Headline
FBI: Health care was top target for ransomware, other cyberthreats in 2025 
Health care and public health was the top sector targeted for cyberthreats in 2025, according to the FBI’s latest annual report on internet crimes. There were…
Headline
Alerts warn F5 BIG-IP vulnerability being exploited for malicious activity 
The Cybersecurity and Infrastructure Security Agency released an alert March 27 on a vulnerability in F5 BIG-IP Access Policy Manager software that is being…
Headline
Alert warns of cyber actors using Telegram messaging app to push malware 
The FBI released an alert March 20 warning of a technique used by cyber actors working on behalf of the Iranian government to conduct malicious cyber activity…
Headline
CISA urges organizations to harden endpoint management systems following Stryker cyberattack
The Cybersecurity and Infrastructure Security Agency March 18 released an alert urging U.S. organizations to harden their endpoint management systems following…