AHA provides update to Senate, House committee leaders ahead of hearings on fallout from Change Healthcare cyberattack 

Apr 29, 2024 - 03:31 PM
cybersecurity-hand-lock-graphic_900x400

The AHA April 29 provided the Senate Committee on Finance and House Energy and Commerce Subcommittee on Oversight and Investigations an update regarding outstanding issues continuing to impact patients and hospitals following the Change Healthcare cyberattack, as well as additional actions for Congress and the Administration to consider related to the cybersecurity of the health care sector. 

The AHA’s letters were sent to committee leaders ahead of May 1 hearings during which the CEO of UnitedHealth Group, which owns Change Healthcare, is expected to testify. 

Although much of Change Healthcare’s claims and payment system functionality has been restored, it remains unclear as to how long it will take for all operations to return to normal. The AHA said patients and providers are continuing to experience financial and operational impacts following the Feb. 22 cyberattack as providers will need to work through the backlog of claims, reprocess denials received during this time, reconcile payments to accounts, and bill patients, among other tasks. 

“It is unclear what other impacts may emerge over the coming weeks and months, and we urge Congress and the Administration to continue oversight of the aftermath of the attack,” AHA wrote. 

The AHA also said that Congress should hold UnitedHealth Group to public comments it made about the company making notifications and undertaking related administrative requirements on behalf of any provider or customer at the appropriate time regarding the breach of protected health information or personally identifiable information. 

Meanwhile, to make meaningful progress in the war on cybercrime, the AHA urged Congress and the Administration to focus on the entire health care sector and not just hospitals. The AHA supports the voluntary consensus-based cybersecurity practices, such as those announced in January by the Department of Health and Human Services, but opposes penalties being levied against hospitals. 

“It is well-documented that the vast majority of the cybersecurity risk in the health care sector is from vulnerabilities in third-party technology, not hospitals’ primary systems,” AHA said. “Enforcing hospital adoption of these practices would have done nothing to prevent the Change Healthcare cyberattack or most other cyberattacks on the sector to date. Instead, Congress and other policymakers should focus their efforts on ensuring all health care stakeholders adopt appropriate cyber hygiene practices with a particular priority on third-party technologies.” 

Related News Articles

Headline
Agencies release guidance on hardening network devices in response to cyber espionage campaign by hackers linked to Chinese government
New guidance released yesterday by the Cybersecurity and Infrastructure Security Agency, National Security Agency and FBI informs health care and other…
Headline
Advisory warns of activity by BianLian ransomware group 
A joint advisory released Nov. 20 by the Federal Bureau of Investigation, Cybersecurity and Infrastructure Security Agency and international partners warns of…
Headline
DOJ: Russian national charged with cybercrimes for ransomware attacks on hospitals, other entities 
The Department of Justice Nov. 18 announced criminal charges against Evgenii Ptitsyn, a Russian national, for allegedly administering the sale, distribution…
Headline
UN Security Council meeting discusses impact of ransomware attacks on hospitals 
A United Nations Security Council meeting the week of Nov. 4 discussed ransomware and the severe impacts that cyberattacks can have on hospitals and health…
Headline
AHA's Pollack breaks down role of hospitals in the future of health care on Pinkston podcast 
AHA President and CEO Rick Pollack was recently a guest on Pinkston's "To the Point" podcast to discuss the future of U.S. health care, touching on a range of…
Headline
Agencies provide cyberthreat updates and resources leading up to election 
The Cybersecurity and Infrastructure Security Agency, FBI and other federal agencies have created a webpage with the latest cyberthreat updates and information…