AHA discusses impact of Change Healthcare cyberattack at Wall Street Journal event 

Jun 06, 2024 - 03:54 PM
The AHA June 6 participated in a Wall Street Journal Tech Live Cybersecurity event to discuss the historic Feb. 21 cyberattack on Change Healthcare.

The AHA June 6 participated in a Wall Street Journal Tech Live Cybersecurity event to discuss the historic Feb. 21 cyberattack on Change Healthcare. Stacey Hughes, AHA executive vice president of government relations and public policy, spoke about the impact on hospitals and health systems, the government response to the attack, how UnitedHealth Group’s size was a factor in the incident and what’s next in federal cybersecurity policy in a discussion with Erik Decker, vice president and chief information security officer for Intermountain Health, and WSJ Reporter James Rundle. 

When asked about the response of government, Hughes said, “It took a while for some people to recognize the severity of this incident. One of the reasons for that was because there was a significant minimization of the impact from UnitedHealth Group early on. That minimization led policymakers to not react as quickly. There is room for improvement in how our government responded and in understanding how government steps in and what they can do when something like this happens.” 

Last week, the Department of Health and Human Services announced that hospitals and health systems could require UHG to notify patients if their data was stolen during the cyberattack.

Related News Articles

Headline
AHA blog — 3 Must-know Cyber and Risk Realities: What’s Ahead for Health Care in 2025 
In his latest AHA Cyber Intel blog, John Riggi, AHA national advisor for cybersecurity and risk, examines the state of cyber and physical threats in 2025 as…
Headline
Report: Health care had most reported cyberthreats in 2024 
Health care had more cyberthreats last year than any other critical infrastructure industry, according to the FBI's 2024 Internet Crime Report released April…
Headline
NSA report includes recommendations for OT device security
The National Security Agency April 23 released a report on operational technology systems that includes recommendations for security policies and technical…
Chairperson's File
Chair File: Leadership Dialogue — Cybersecurity in Health Care with John Riggi, AHA’s National Advisor for Cybersecurity and Risk
Public
Cybersecurity and physical threats are unfortunately significant enterprise risks for health care, regardless of size or location. Every hospital, physician…
Headline
CISA releases guidance following reported legacy Oracle cloud breach
The Cybersecurity and Infrastructure Security Agency April 17 released guidance to reduce risks associated with a reported breach of Oracle cloud services.…
Headline
Agencies issue guidance on navigating deceptive online recruitment of current and former federal employees
The National Counterintelligence and Security Center, the FBI, and the Defense Counterintelligence and Security Center yesterday released guidance on…