Change Healthcare: Congress plans new response to health cyberattacks

Congress Moves to Strengthen Healthcare Cybersecurity After Change Healthcare Attack

In the wake of the 2024 Change Healthcare cyberattack, a breach that disrupted patient care and cost hospitals billions, Congress is advancing bipartisan legislation to bolster cybersecurity across the healthcare sector. The attack exposed critical vulnerabilities, including the lack of multi-factor authentication and encryption, prompting lawmakers to act.

The proposed bill, led by Sen. Bill Cassidy (R-La.), would require healthcare providers and government agencies to adopt stronger defenses, including mandatory multi-factor authentication and encryption. It also establishes grants for cyberattack preparedness and response planning, while improving coordination among federal agencies. The Department of Health and Human Services (HHS) would be tasked with developing a comprehensive incident response plan.

Healthcare organizations, already under constant cyber threats, face unique risks due to the high value of medical data on the black market. Industry groups, including the Healthcare Trust Institute and Blue Cross Blue Shield Association, have voiced support, citing the life-or-death stakes of such breaches. However, hospitals and providers may push back against certain requirements, wary of additional costs amid existing cybersecurity investments.

While earlier versions of the legislation proposed stricter penalties, the current bill takes a more moderate approach to secure broader support. Still, its fate remains uncertain, as Congress faces a packed agenda and limited time before the midterm elections. The Senate Health Committee advanced the measure in a 22-1 vote last month, but its final passage may hinge on attachment to a larger legislative package, such as a year-end funding deal.

With healthcare breaches costing an average of $10 million per incident, the highest among all industries, the push for stronger protections reflects growing urgency. Yet, political divisions and competing priorities could delay or derail the effort.

Source: https://www.axios.com/2026/03/09/congress-health-cyberattacks-cyber-security

CHANGE HEALTHCARE TECHNOLOGY ENABLED SERVICES, LLC cybersecurity rating report: https://www.rankiteo.com/company/change-healthcare-technology-enabled-services-llc

"id": "CHA1773052297",
"linkid": "change-healthcare-technology-enabled-services-llc",
"type": "Cyber Attack",
"date": "1/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': 'Hospitals, Patients',
                        'industry': 'Healthcare',
                        'name': 'Change Healthcare',
                        'type': 'Healthcare Technology Company'}],
 'data_breach': {'data_encryption': 'Lack of encryption',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': 'Medical data'},
 'date_publicly_disclosed': '2024',
 'description': 'A cyberattack on Change Healthcare in 2024 disrupted patient '
                'care and cost hospitals billions, exposing critical '
                'vulnerabilities such as the lack of multi-factor '
                'authentication and encryption.',
 'impact': {'data_compromised': 'Medical data',
            'financial_loss': 'Billions (hospitals)',
            'operational_impact': 'Disrupted patient care'},
 'lessons_learned': 'Critical vulnerabilities in healthcare cybersecurity, '
                    'including lack of multi-factor authentication and '
                    'encryption, must be addressed to prevent future '
                    'disruptions.',
 'post_incident_analysis': {'corrective_actions': 'Proposed legislation to '
                                                  'mandate stronger defenses, '
                                                  'including multi-factor '
                                                  'authentication and '
                                                  'encryption, and establish '
                                                  'grants for cyberattack '
                                                  'preparedness.',
                            'root_causes': 'Lack of multi-factor '
                                           'authentication, Lack of '
                                           'encryption'},
 'recommendations': 'Adopt mandatory multi-factor authentication, encryption, '
                    'and establish grants for cyberattack preparedness and '
                    'response planning. Improve coordination among federal '
                    'agencies and develop a comprehensive incident response '
                    'plan.',
 'references': [{'source': 'Congress Legislation'}],
 'title': 'Change Healthcare Cyberattack',
 'type': 'Data Breach, Ransomware',
 'vulnerability_exploited': 'Lack of multi-factor authentication, Lack of '
                            'encryption'}