A United States health technology giant is experiencing an ongoing cyberattack by ransomware group Blackcat.
The cyberattack was acknowledged by Change Healthcare on February 21, 2024, and has affected billing and care-authorization portals in the U. S.
Blackcat steals sensitive data from companies and threatens to publish the data if companies refuse to pay a ransom.
U.S. Sen. Mark Warner of Virginia, who is Chairman of the Senate Select Committee on Intelligence, released a statement today on the cybersecurity incident at Change Healthcare.
“This ransomware attack on a major health care company should surprise no one. For some time, I have been sounding the alarm on the need for the entire health care sector to drastically step up its game when it comes to cybersecurity. We’ve previously seen incidents that have caused regional disruptions in clinical care, and it was only a matter of time before one disrupted the ability to treat patients nationwide,” Warner said.
U.S. Department of Health and Human Services is working to help health care providers navigate the attack, according to Warner, and he encourages “them to ensure all Medicare providers can receive advance and accelerated payments to help them ride this crisis out. If HHS requires additional authorities from Congress to support providers during this time, it’s critical we know that so that we can act as soon as possible.”
“This attack demonstrates that we need to have backup plans in place for such incidents. I plan to write and introduce legislation that would provide for accelerated and advanced payments to providers and vendors to protect them in the event of future disruptions, as long as they meet minimum cybersecurity standards.
So far the consequences of the cyberattack on Change Healthcare have been financial, but Warner is concerned about “the possibility of a similar widespread attack directly affecting patient care and safety. That is why it is time to consider mandatory cyber hygiene standards for health care providers and their vendors. Sterilization and hand hygiene practices prevent infections — and cyber hygiene practices prevent cyber intrusions. Both are critical to protect patients.”
Warner has led the way in the cybersecurity realm throughout his time in the U.S. Senate, crafting numerous pieces of legislation aimed at addressing these threats facing our nation. Recognizing that cybersecurity is an increasingly complex issue that affects the health, economic prosperity, national security, and democratic institutions of the U.S., he cofounded the bipartisan Senate Cybersecurity Caucus in 2016. A year later, in 2017, he authored the Internet of Things (IoT) Cybersecurity Improvement Act. The legislation, signed into law by President Donald Trump in December 2020, requires that any IoT device purchased with federal funds meet minimum security standards. As Chairman of the Senate Select Committee on Intelligence, Sen. Warner co-authored legislation that requires companies responsible for U.S. critical infrastructure report cybersecurity incidents to the government. This legislation was signed into law by President Joe Biden as part of the Consolidated Appropriations Act in March 2022.
Warner examined cybersecurity in the health care sector specifically. In 2022, he authored “Cybersecurity is Patient Safety,” a policy options paper, outlining current cybersecurity threats facing health care providers and systems and offering for discussion a series of policy solutions to improve cybersecurity across the industry. Since publishing, Warner launched the Health Care Cybersecurity Working Group with a bipartisan group of colleagues to examine and propose potential legislative solutions to strengthen cybersecurity in the health care and public health sector.