Hospital Lobbyists Fought to Cut Penalties for Cybersecurity Breaches
Amid the Change Healthcare ransomware attack, a law signed the day before the January 6th riot shows that the industry is more interested in limiting liability.
BY DAVID DAYEN APRIL 18, 2024
On Tuesday, the House Energy and Commerce Committee held a hearing on the February 21 Change Healthcare ransomware attack, which disabled a key software conduit used in billing. The hack, which cost medical providers as much as $1 billion per day, has still not been fully repaired. With nearly every hospital network financially affected, band-aid relief from Changes parent companythe health care giant UnitedHealthand the federal government has thus far been inadequate.
Members of the committee flared in anger at how a single, consolidated middleman network could perpetuate such lasting harm. The attack shows how UnitedHealthcares anti-competitive practices present a national-security risk, said Rep. Anna Eshoo (D-CA), ranking Democrat on the health subcommittee, a sentiment echoed by members of both parties and key witnesses, who called for an end to vertical integration in health IT.
UnitedHealth made nobody available for the hearing, though the company committed to testifying at a later date; its CEO Andrew Witty will appear before the Senate at the end of the month. The incident hasnt affected UnitedHealth much at all; its latest quarterly earnings report beat expectations with $8.5 billion in profits, despite the attack, and the stock soared on Tuesday.
https://prospect.org/health/2024-04-18-hospital-lobbyists-fought-penalties-cybersecurity-breaches/
sboatcar
(415 posts)Budgets for IT security are sorely lacking, the staff is not up to the task (most places run bare bones IT staff, so they're stretched thin as it is), and people aren't willing to put up with the inconvenience of multifactor authentication. Its definitely getting better, because the insurance industry is getting very tired of paying out millions of dollars for the response to these kind of incidents, but it doesn't seem to be moving fast enough.
The unbelievably bad IT systems I've seen in every industry, even some mission critical/healthcare/utilities is ridiculous. IT people screaming for help and funding to make their systems better and more secure isn't just a bunch of nerds asking for new toys. IT is also the engine that drives your business, protect it.