A Mississippi women's health clinic has filed a proposed class action lawsuit against UnitedHealth Group alleging the disruption in claims processing caused by the cyberattack on the company's Change Healthcare unit and the resulting IT outage is threatening to push the practice into bankruptcy.
The many kinds of OT and IoT gear that are not regulated medical devices but are critical to run hospitals and other care facilities present a variety of cybersecurity and patient safety concerns, said Dr. Benoit Desjardins, professor of radiology at the University of Pennsylvania Medicine.
Healthcare organizations and makers of medical devices need to think about how to safeguard their critical medical gear against future cyberthreats, including the looming dangers posed by quantum computing, said Mike Nelson, global vice president of digital trust at security firm DigiCert.
In the aftermath of a ransomware attack several years ago, Hackensack Meridian Health embarked on transforming its cybersecurity program with the support of top leadership and increased funding and staff and by implementing critical security tools and best practices, said CISO Mark Johnson.
The U.S. healthcare sector needs to closely watch government regulatory and legislative developments involving artificial intelligence, including the European Union AI Act, said Lee Kim, senior principal of cybersecurity and privacy at the Healthcare Information and Management Systems Society.
It's critical for hospitals and other firms to not only prepare for how they will respond to a cyberattack but also to consider the regional impact if a neighboring provider of services needed in the community is disrupted by a serious cyber incident, said Margie Zuk of Mitre.
Healthcare sector organizations need to focus their attention on meeting the "voluntary" essential and enhanced cybersecurity performance goals set out by federal regulators before they become potential mandates, said Kate Pierce, virtual information security officer at Fortified Heath Security.
Federal regulators have informed UnitedHealth Group that they have launched a full-fledged investigation into a potential massive compromise of protected health information stemming from the Change Healthcare cyberattack. A potential PHI breach could affect tens of millions of individuals.
The vast healthcare ecosystem disruption caused by the recent attack on Change Healthcare, which affected more than 100 of the company's IT products and services, underscores the concentrated cyber risk when a major vendor suffers a serious cyber incident, said Keith Fricke, partner at tw-Security.
The Department of Health and Human Services is working on grant programs and other financial programs to help under-resourced healthcare organizations deal with the cybersecurity challenges they're facing, said La Monte Yarborough, CISO and acting deputy CIO at HHS.
The healthcare sector needs a 911-style cyber civil defense system that can help all segments of the industry, including under-resourced groups, to more rapidly and effectively respond to cyberattacks and related incidents, said Erik Decker, CISO of Intermountain Health and a federal cyber adviser.
The Change Healthcare attack is already providing valuable lessons to healthcare firms - mostly about the importance of resilience, especially when it comes the industry's supply chain and third parties, said Nitin Natarajan, deputy director of the Cybersecurity and Infrastructure Security Agency.
UnitedHealth Group expects some key IT systems and services affected by the recent cyberattack on its Change Healthcare unit to regain functionality over the next week to 10 days. Certain pharmacy services are already restored. But the American Medical Association is not impressed.
In the latest weekly update, ISMG editors discussed the cyberattack that's sending shock waves through the U.S. healthcare sector, Palo Alto's strategic pivot and its far-reaching implications for the industry, and new developments in tech and journalism at Information Security Media Group.
As the fallout continues in the Change Healthcare IT outage, the U.S. healthcare ecosystem is anticipating the next bombs to drop in what's shaping up to be the worst cyberattack the sector has experienced so far. What should entities be considering as they push forward in the recovery?
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.co.uk, you agree to our use of cookies.