Democrat pushes for cybersecurity standards after Change Healthcare data breach

March 24, 2024



Article Summary

TLDR: Top Democrat Proposes Minimum Cybersecurity Standards

Key Points:

  • Sen. Mark Warner introduces legislation for minimum cybersecurity standards in healthcare
  • Healthcare providers could qualify for advance payments if they meet these standards

In response to a recent ransomware attack on Change Healthcare, Sen. Mark Warner has proposed a bill that would allow healthcare providers to receive advance and accelerated payments through government programs if they and their vendors adhere to minimum cybersecurity standards. The attack on Change Healthcare, a payment processor with significant reach in the healthcare industry, prompted Warner to address the vulnerability of the entire healthcare sector.

The proposed legislation would require healthcare providers and their intermediaries to meet cybersecurity standards established by the Department of Health and Human Services in order to qualify for advance payments through the Centers for Medicare & Medicaid Services (CMS). Although some industry experts have raised concerns about implementing mandatory standards, Warner and other lawmakers are pushing for increased cybersecurity measures to protect patient data and the overall healthcare system.

In addition to Warner’s bill, Sen. Ron Wyden has said he intends to propose similar legislation to establish minimum cybersecurity standards. The focus is not only on preventing future attacks but also on holding companies accountable for negligence in cybersecurity practices. UnitedHealth Group, the parent company of Change Healthcare, faces scrutiny for its handling of the recent attack and is expected to address the incident before the Senate Finance Committee.

While the proposed legislation aims to incentivize healthcare providers and vendors to enhance their cybersecurity defenses, challenges remain in implementing and enforcing these standards across the industry. As cybersecurity threats continue to evolve, efforts to safeguard sensitive patient data and maintain the resiliency of the healthcare system are paramount.

