Washington is cracking down on the technology running behind the scenes in health care following a debilitating cyberattack on a health care payments processing company — and it could have major implications for hospitals and the vendors selling crucial IT.
In the weeks since a ransomware attack on Change Healthcare brought pharmacy and hospital payments across the country to a halt, policymakers and lobbyists have raced to cobble together strategies for averting future attacks, ranging from tying federal aid to minimum cybersecurity requirements to new voluntary standards spun up by public-private partnerships.
The Change Healthcare attack exposed how security vulnerabilities at a single company could bring down critical technology infrastructure that a vast majority of health care providers and health insurers rely on every day. In the aftermath, federal regulators have come under fire for not being prepared and not acting soon enough, with some lawmakers calling for “tough, mandatory cybersecurity standards for the health care industry” including regular audits.
This article is exclusive to STAT+ subscribers
Unlock this article — and get additional analysis of the technologies disrupting health care — by subscribing to STAT+.
Already have an account? Log in
Already have an account? Log in
To submit a correction request, please visit our Contact Us page.
STAT encourages you to share your voice. We welcome your commentary, criticism, and expertise on our subscriber-only platform, STAT+ Connect