Ransomware, Critical Infrastructure Security, API security

Mandatory cyber requirements after Change Healthcare attack opposed by health sector

Today’s columnist, Greg Murphy of Ordr, writes that while medical facilities still need Code Dark protocols, by embracing automation and the latest monitoring technology they can mitigate the attack surface on healthcare organizations. (Credit: Stock Photo, Getty Images)

The American Hospital Association has opposed mandatory cybersecurity requirements proposed for the healthcare sector following the ransomware attack against Change Healthcare, which has resulted in widespread prescription processing outages across the U.S., reports CyberScoop.

"Imposing fines or cutting Medicare payments would diminish hospital resources needed to combat cybercrime and would be counterproductive to our shared goal of preventing cyberattacks," wrote AHA President Richard Pollack in a letter to Sen. Ron Wyden, D-Ore., and Senate Finance Committee ranking member Sen. Mike Crapo, R-Idaho. Wyden noted that the pushback was expected. "Private-sector opposition to effective cybersecurity rules is the number one reason our critical infrastructure, particularly the healthcare sector, is so woefully unprepared for even unsophisticated cyberattacks," added Wyden. Despite the push to immediately address cybersecurity issues within the healthcare industry, any legislative push for such an objective is unlikely amid the upcoming midterm elections, according to a former congressional staffer. "I think industry is just going to just say 'let's ride this out the rest of the year and see where we are next year,'" added the staffer.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.