Sen. Gary Peters, D-Mich., chairman of the Senate Homeland Security and Governmental Affairs Committee, is calling on the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services (HHS) to prioritize cybersecurity efforts in the healthcare sector.
The congressman sent a letter on March 25 to CISA Director Jen Easterly and HHS Secretary Xavier Becerra urging them to expand cybersecurity guidance for the healthcare sector and to increase public outreach on cyber threats such as ransomware.
The letter comes after a ransomware attack on UnitedHealth subsidiary Change Healthcare paralyzed billing services for providers nationwide late last month.
“The recent cyberattack on a UnitedHealth Group subsidiary, Change Healthcare, has disrupted their ability to process medical claims, impacting millions of Americans trying to fill their prescriptions and access health care services,” wrote Sen. Peters. “HHS should heavily encourage health care entities impacted by the attack to take advantage of available technical and financial resources and assistance from CISA, CMS, and other organizations.”
“Public outreach and engagement are an important part of increasing cybersecurity across the healthcare sector,” he added. “CISA and HHS in coordination should conduct a campaign to engage and inform health care entities and the public of cybersecurity best practices and resources available to them.”
Sen. Peters is also asking the Federal agencies to provide more information on the Change Healthcare cyberattack, including what assistance CISA and HHS provided to the impacted entities in the healthcare sector.
He also wants to know to what extent CISA shared cyber threat information with the healthcare sector and HHS in the months leading up to the cyberattack. Additionally, the congressman wants to know what CISA and HHS are doing to prevent a similar attack from happening in the future.
Sen. Peters is not the first member of Congress to take action following the Change Healthcare cyberattack.
In response to the incident, Sen. Mark Warner, D-Va., introduced legislation on Monday that would provide financial incentives for healthcare providers to boost their cyber defense. The bill would require them to meet minimum cybersecurity standards in order to receive accelerated payment in the event of a cyberattack.
“The recent hack of Change Healthcare is a reminder that the entire healthcare industry is vulnerable and needs to step up its game,” Sen. Warner said. “This legislation would provide some important financial incentives for providers and vendors to do so.”
According to a recent report issued by the FBI, healthcare and public health organizations were the top critical infrastructure sectors that fell victim to ransomware in 2023.