The White House is set to require baseline cybersecurity standards for hospitals, according to news reports in mid-May. The move is a reaction to the crippling attack on payment processor Change in February, which left facilities unable to fill prescriptions or bill for procedures. The attackers may have had access to personal information of as many as 100 million Americans, and the halt in payment processing left many small providers reeling from lack of revenues.
United Healthcare, the parent of Change, has revealed that the attack vector was a server not secured by multi-factor authentication.
Why It Matters
The healthcare industry has been targeted repeatedly by hackers and threat actors. The administration is clearly attuned to vulnerabilities that can impair delivery of services. The Change attack exposed critical issues: that so many Americans' information and care depends on one vendor, that failure to secure one server with a basic tech tool can bring so much damage. When the information, and the services, provided by an industry are so critical and so sensitive, suppliers are a key part of the security plan.
The White House has said training to rural facilities will be part of the roll-out of cybersecurity standards.
Subscribe to Taylor English Insights by topic here.
/Passle/61f3627a0c51c3165820f0e7/MediaLibrary/Images/5ff4a070535488111cdbfec9/2024-01-17-18-25-18-859-65a81b8e3f5d760a89621ac7.png)
