Cybersecurity News

Congress should address any statutory constraints that prevent the Centers for Medicare & Medicaid Services and Department of Health and Human Services from adequately helping hospitals and other health care providers impacted by the Change Healthcare cyberattack, AHA said a letter submitted to the House Ways and Means Committee for a hearing March 20 with HHS Secretary Xavier Becerra.

Ninety-four percent of hospitals are experiencing a financial impact from the Change Healthcare cyberattack with more than half reporting “significant or serious” impact, according to results from an AHA survey released today.

The Centers for Medicare & Medicaid Services March 13 released additional information on the Medicare accelerated and advance payments that hospitals, physicians and others impacted by the Change Healthcare cyberattack may apply for through their Medicare Administrative Contractors.

The Department of Health and Human Services’ Office for Civil Rights is initiating an investigation into the Change Healthcare cyberattack, the agency announced March 13in a “Dear Colleague” letter.

Congress should consider any statutory limitations that exist for an adequate response from the Centers for Medicare & Medicaid Services and Department of Health and Human Services to help hospitals and other providers minimize further fallout from the Change Healthcare cyberattack, AHA wrote March 13 in a letter to Senate Finance Committee leaders.

The FBI Internet Crime Complaint Center (IC3) recently reported a record 880,418 internet crime complaints in 2023, including an 18% increase in ransomware complaints to 2,825.

In a letter March 10 to health care providers, the departments of Health and Human Services and Labor called on UnitedHealth Group to expedite payments and provide greater transparency to health care providers impacted by the recent cyberattack on its Change Healthcare unit.

UnitedHealth Group March 7 announced a series of updates on its response to the unprecedented cyberattack against its subsidiary Change Healthcare.

We continue to press Congress, the Administration and UnitedHealth Group to step up their efforts to respond to this unprecedented incident.

The Centers for Medicaid & Medicare Services March 5 announced flexibilities intended to help providers continue to serve patients in the wake of the cyberattack on Change Healthcare.

UnitedHealth Group’s Temporary Funding Assistance Program “is not even a band-aid on the payment problems you identify,” AHA wrote March 4 in a message to UHG in response to a program the company unveiled March 1 following a cyberattack on UHG’s subsidiary Change Healthcare.

The AHA March 4 urged Congress to consider a number of actions to support hospitals’ efforts to care for patients as the entire health care system continues to navigate the effects of the ongoing cyberattack against Change Healthcare.

U.S. and international agencies Feb. 29 urged health care and other critical infrastructure organizations using Ivanti Connect Secure VPN and Ivanti Policy Secure to take certain steps to defend against known cyber threats that Ivanti’s Integrity Checker Tool may fail to detect.

The cyberattack against Change Healthcare that began on Feb. 21 is the most serious incident of its kind leveled against a U.S. health care organization.

Organizations using the National Institute of Standards and Technology’s Cybersecurity Framework as their primary cybersecurity framework report one-third lower cyber insurance premium cost growth, according to the 2024 Healthcare Cybersecurity Benchmarking Study, produced by Censinet and KLAS Research in collaboration with the AHA, Health Information and Analysis Center (Health-ISAC), and Healthcare and Public Health Sector Coordinating Council. 

President Biden Feb. 28 directed the Department of Justice to issue regulations to protect personal health and other data from countries known to collect and misuse it.

The FBI, Cybersecurity & Infrastructure Security Agency, and Department of Health and Human Services Feb. 27 released updated recommendations to help health care and other critical infrastructure organizations defend against ALPHV Blackcat ransomware. 

Russian state-sponsored cyber actors are using compromised Ubiquiti EdgeRouters to facilitate malicious cyber operations worldwide, the FBI and other agencies warned Feb. 27.

The AHA Feb. 26 issued a Cybersecurity Advisory highlighting updates on network connectivity issues and indicators of compromise related to the recent cyberattack on Change Healthcare.

This week’s cyberattack on Change Healthcare, one of the nation’s largest health care technology companies, is yet another unwelcome reminder of the ability of cybercriminals to take advantage of our mission of caring by disrupting daily operations.