Washington DC – House Energy, Commerce, and Health Subcommittee Chairman Brett Guthrie (R-Kentucky) delivered the following opening remarks at today's subcommittee meeting. hearing The title is “Investigating cybersecurity in the healthcare sector in the wake of changes in healthcare attacks.''
“Today, we will hear from industry experts and healthcare providers, large and small, about our healthcare cybersecurity, which is especially important given recent events.”
Change Healthcare ransomware attack caused significant disruption to patients and healthcare providers
“On February 21st, our healthcare system suffered the largest known cyberattack to date.
“Change Healthcare, a subsidiary of UnitedHealth, experienced a ransomware attack that caused significant disruption to the healthcare industry.
“UnitedHealth Group took three major systems offline, impacting claims processing, payments and billing, and eligibility verification.
“The ensuing disruption meant patients were unable to access their medications or faced higher-than-expected daily drug costs.
“Healthcare providers large and small went unpaid, patients in some cases have not yet fully recovered, and patients experienced delays in accessing the care they were entitled to.
“To put this more concretely, Change Healthcare alone processes 15 billion health claims per year involving health care providers and hospitals across the country.
“My office and I have personally heard from affected constituents. One such example is an independent provider in my hometown of Bowling Green that is still grappling with the fallout from the attack. I am.
“His practice is losing staff because they can't do payroll while systems are still back online. We still don't know how much sensitive information may have been compromised. I'm worried.
“I am committed to continuing to work collaboratively with our private sector partners, including the Department of Health and Human Services and United Health, to assess the damage caused by the ransomware attack.”
Cyber attacks are on the rise in recent years
“I am equally committed to making sure healthcare providers are doing everything in their power to stop these ransomware attacks.
“These attacks are not new to health systems. Large-scale data breaches increased by more than 93 percent from 2018 to 2022, and ransomware-related Major violations reported to the HHS Office of Civil Rights increased by 278 percent.
“One of the main causes of the alarming increase in ransomware attacks is the payments that perpetrators demand in exchange for recovering stolen information. It is said that a payment of 10,000 dollars was brought in.'' Alf V.
“According to IBM’s 2023 report, the average cost of a healthcare data breach now averages $10 million, an increase of 53% over the past three years.
“The federal government's response to cyber threats targeting our nation's health care system has lagged compared to such threats, especially serious threats posed by adversaries.
“A July 2022 alert issued by a major national security agency highlights this reality, stating that North Korean state-sponsored ransomware attacks are targeting assets responsible for storing electronic medical records, diagnostic services, and imaging services. revealed that it was targeted.
“A new attack on an Ohio-based health care system has caused surgeries to be canceled and treatment to be diverted to patients seeking emergency services.”
The federal government must proactively work with industry stakeholders to prevent future attacks
“Last year, the Biden administration released a national strategy document outlining steps the federal government would take to strengthen its cyber response.
“As a result, HHS announced a four-phase plan to strengthen health care cyberdefenses last December, which includes setting voluntary sector cybersecurity performance goals, encouraging and implementing best practices, and “This includes providing resources for the government and strengthening enforcement and accountability within the agency.”
“I think we need to be very careful when considering the balance between incentives and penalties and accountability.
“Let me be clear: I appreciate the administration's continued efforts in this important area.
“But I can’t help but wonder if recent events could have been avoided if these steps had been taken sooner.
“I don't think it's ever too little or too late, but we need to ensure that our health system becomes a world leader in cybersecurity and patient safety, and that the privacy of Americans remains at the forefront. We have an urgent task ahead of us.”
