Protecting Patient Data: Strategies for Cybersecurity in Healthcare Following Ransomware Attack on Change Healthcare

In the wake of a ransomware attack on Change Healthcare, which brought payments to pharmacies and hospitals to a standstill, policymakers and lobbyists have been working to develop strategies to prevent future attacks. These strategies include tying federal aid to cybersecurity requirements and creating new voluntary standards through public-private partnerships.

The incident has shown how vulnerable the technology infrastructure of the health care industry is, with many providers and insurers relying on critical technology daily. As a result, some lawmakers are calling for mandatory cybersecurity standards in the industry, including regular audits.

In response to the attack on Change Healthcare, federal regulators have faced criticism for not being adequately prepared and not acting quickly enough. To address these concerns, policymakers are now taking action to improve the security of health care technology underpinning the industry.

One strategy being explored is tying federal aid to cybersecurity requirements for health care providers and insurers. This would require companies in the industry to meet certain standards for data protection and cybersecurity before receiving federal funding.

Another approach is creating new voluntary standards through public-private partnerships. This would involve bringing together experts from government, industry, and academia to develop best practices for cybersecurity in health care. These standards would be voluntary, but could become widely adopted if they prove effective in preventing attacks like the one on Change Healthcare.