US Senators Propose law to Tackle Healthcare Cyber Threats
Following the devastating cyber attack on UnitedHealth Group (UHG), a bill to boost cybersecurity in US healthcare has been proposed by a group of bipartisan senators.
The Healthcare Cybersecurity Act would direct key US agencies to collaborate on improving cybersecurity in the healthcare sector, and share resources about cyber threats and defence measures.
The agencies include the Cybersecurity and Infrastructure Security Agency (CISA) – part of the US Department of Homeland Security – and also the Department of Health and Human Services (HHS), a cabinet-level federal branch whose remit is to protect the health of the US people
The legislation would help HHS and CISA coordinate responses during healthcare cyberattacks.
The proposed Act follows a cyberattack in February that saw UHG’s Change Healthcare unit breached by a hacking group known as BlackCat.
UHG-owned Change Healthcare is one of the US’s largest insurance claim-processing hubs, handling data transfer between providers, payers, and consumers.
Hospitals were left unable to check the insurance benefits of in-patients, and unable to process authorisations for patient procedures and surgeries.
Change Healthcare cyberattack 'affected third of US citizens'
At the time, US government officials urged both UHG and the wider insurance market to “mitigate harm” in the wake of the ransomware cyberattack on Change Healthcare.
Later, in May, UHG CEO Andrew Witty told a stunned US congressional hearing that the Change Healthcare cyberattack had affected up to a third of the US population, whose personal data was exposed on the dark web.
One of the co-proposers of the Act, Independent Senator Angus King, said: “Healthcare cyberattacks and breaches of data can literally mean the difference between life and death for patients.
“They can also significantly impact hospital operations and, with the average hack costing millions to address, they increase healthcare prices across the board.
“The bipartisan Healthcare Cybersecurity Act will take important steps toward protecting patients’ data and healthcare provider capabilities, and bolstering our cybersecurity infrastructure and response.”
US healthcare 'still reeling from cyberattack'
Another of the Act’s proposers, Democrat Senator Jacky Rosen, said: “The healthcare industry is still reeling from recent cyberattacks,” said. “It’s imperative we take measures to prevent data breaches.”
US regulators and lawmakers have previously taken action to improve cybersecurity in the healthcare sector, with Rosen himself introducing similar legislation in 2022.
The healthcare sector also responded to news of the proposed Act.
Blayne Osborn, President of Nevada Rural Hospital Partners, said: “The cyberattacks on Change Healthcare caused severe interruption to Nevada’s Critical Access Hospitals, and we welcome this legislation to help protect our rural hospitals and their patients.”