News : Hospitals are pleading for help. The NSC may be close to giving it.

Monday, March 4, 2024

Hospitals are pleading for help. The NSC may be close to giving it.

Mar 04, 2024

— With help from Juan Perez

Driving the Day

— Health care pros are urging D.C. to pony up more support, as the ongoing outage at medical clearinghouse Change Healthcare extends into Week Two. The NSC says it could be on the way soon.

HAPPY MONDAY, and welcome to MORNING CYBERSECURITY! Millions of primary voters across the country will soon cast their ballots for one of two aging presidential candidates. I’m trademarking Super(annuated) Tuesday.

Have any tips or secrets to share with MC? Or thoughts on what we should be covering? Find me on X at @johnnysaks130 or email me at jsakellariadis@politico.com. You can also follow @POLITICOPro and @MorningCybersec on X. Full team contact info is below.

Today's Agenda

CISA Executive Assistant Director Eric Goldstein and other cyber experts appear at Google’s D.C. headquarters for a series of discussions on secure software design. 2 p.m.

DON’T MISS POLITICO’S HEALTH CARE SUMMIT: The stakes are high as America's health care community strives to meet the evolving needs of patients and practitioners, adopt new technologies and navigate skeptical public attitudes toward science. Join POLITICO’s annual Health Care Summit on March 13 where we will discuss the future of medicine, including the latest in health tech, new drugs and brain treatments, diagnostics, health equity, workforce strains and more. REGISTER HERE.

Want to receive this newsletter every weekday? Subscribe to POLITICO Pro. You’ll also receive daily policy news and other intelligence you need to act on the day’s biggest stories.

Critical Infrastructure

CALL AND RESPONSE — Health care executives and IT pros are pleading with the Biden administration and Congress to play a more forceful role in responding to the ongoing outage at medical billing giant Change Healthcare.

They may soon have reason to breathe a sigh of relief.

– The NSC view: As your MC host reported last night, the National Security Council has been convening daily calls at the deputy's level to explore how to provide rapid relief to cash-strapped health care organizations struggling to process insurance claims since Change responded to a Feb. 21 hack by taking its systems offline.

“This cashflow issue has been at the forefront since the beginning of last week for us,” said a senior administration official, granted anonymity due to the ongoing nature of the talks.

– The deets: The funding options under discussion would not require support from Congress, the official said. They include tapping existing authorities at the Health and Human Services Department, the VA, and the Center for Medicare and Medicaid Services.

NSC is also pushing insurance giant UnitedHealth Group, which owns Change, to provide more transparency about when it can bring its systems back up, per the individual.

And the Biden administration is also continually reassessing whether to declare the hack a “significant cyber incident” — a rarely used designation that would trigger a special crisis management playbook.

– The view from UnitedHealth: Tyler Mason, a spokesperson for UnitedHealth, said the firm is working around the clock to restore its systems. He also pointed to a new no-interest loan program unveiled for impacted customers on Friday, though only certain firms are eligible for it.

– The view from the sector: Prior to reporting on the NSC’s deliberations, MC spoke with 11 individuals working at or with U.S. hospitals and health care organizations affected by the incident. To a tee, they voiced deep anxiety about the mounting financial pressure stemming from the outage — and disappointment at a perceived lack of attention in D.C.

“I've moved from anxiety to being mad that it's not becoming a bigger concern,” Carter Groome, CEO of First Health Advisory, a health care-focused digital consultancy, told MC Friday.

– Not out of the woods: While news of the NSC deliberations is sure to allay some of those concerns, the agency hasn’t acted yet. And with the recent exception of Senate Majority Leader Chuck Schumer, Congress remains largely aloof amid the mounting cash crunch.

One U.S. health care professional said that while their hospital system doesn’t even use Change, it still failed to collect 13 percent of its net cash flow last week due to the outage. The individual, who was not authorized to discuss the figures publicly, explained that some insurance providers rely exclusively on Change.

“This is a bigger deal financially than Covid,” said James Lineberger, executive director of Anesthesia Associates of Boise, Idaho, a 35-physician practice that uses Change but is not eligible for United’s loan program.

Ransomware

LOCKBIT ON THE DEFENSIVE — The FBI isn’t buying ransomware gang LockBit’s claims of a stunning revival — and it doesn’t think you should, either.

In an interview Friday, Brett Leatherman, deputy assistant director of the FBI’s cyber division, told MC that the cybercrime group has not conducted a single new compromise since it was targeted in a sweeping digital sting operation late last month. Instead, what was once the world’s most prolific ransomware syndicate appears to reposting the spoils of prior hacks to a new victim-shaming site in a bid to restore its criminal bona fides.

“Look at the facts. Like, if they're standing up cheap infrastructure and releasing old data, is that really indicative of a comeback?” Leatherman said.

– Why it matters: The takedown campaign against LockBit — led by Britain’s National Crime Agency and the FBI — was one of the one most comprehensive cybercrime takedowns in recent memory, combining digital asset seizures, arrests, sanctions, indictments, and a hefty dose of trolling.

But online personas for LockBit have since claimed the operation was ineffective. In retaliation, the group even threatened to release court documents from the criminal prosecution of Donald Trump in Fulton County, Georgia, where LockBit recently staged an attack. But the idea that it had such sensitive material — always highly suspect — now appears to have been mere bluster.

– Doing our small part: Asked about the slew of high-impact ransomware attacks in recent months, Leatherman acknowledged the problem remains extensive. Fixing it, he said, will require major action outside the FBI’s control, including steps to shore up private networks.

But for the FBI’s part, Leatherman said you can expect it to keep up the pressure on ransomware gangs — even if the problem, like street crime, isn’t one we should expect the bureau to eliminate altogether.

The takedown against LockBit furnished reams of new evidence against its core members and 200 or so affiliates, Leatherman said. Besides, he argued, “having a disruption measured in months is still a win.”

Don’t sleep on it. Get breaking New York policy from POLITICO Pro—the platform that never sleeps—and use our Legislative Tracker to see what’s on the Albany agenda. Learn more.

At the Agencies

WEIGHING IN — Influential education, technology and media organizations want the Federal Communications Commission to modify its proposed three-year, $200 million pilot school cybersecurity program, our own Juan Perez writes in.

– Three fixes: Suggestions submitted to the agency through a just-completed regulatory comment period mostly fall into three buckets: requests for more money, more flexibility and a faster timeline.

NCTA – The Internet and Television Association is one of several groups pushing the commission to consider a bigger budget. “For a three-year program, $200 million may not be enough to enable a wide cross-section of schools and libraries to participate and purchase the needed cybersecurity equipment and services for their networks,” the powerful trade group headed by former FCC chief Michael Powell said in recent comments to the FCC.

– Back to school: Educational organizations also want the FCC to update its definition of network security firewalls, and let schools tap the widely-used E-Rate program to purchase advanced firewall technology.

They’re also asking to boost E-Rate’s current budget with an extra $200 million and open a “special filing window” for that program later this year so schools can access money to quickly protect their networks.

– As for the cybersecurity pilot: The groups want to slash the FCC’s proposed three-year timeline down to 18 months and devote more money to the program.

“Given this huge pool of schools and libraries, and based on the significant number of cyberattacks on schools and libraries, more than $200 million is needed to help more schools and libraries in the near term,” the groups wrote.

Tweet of the Weekend

Why you should pay attention to Moscow’s recent move to leak an intercepted phone call from German military officials:

Source: Twitter

Quick Bytes

REIN IN THE MACHINES — Israel is facing rising scrutiny of its use of artificial intelligence in the war in Gaza, my colleagues Maggie and Joseph report.

WRAY ON BUREAU’S TAKEDOWNS — FBI Director Chris Wray spoke with The Record’s Dina Temple-Raston and Jade Abdul-Malik about the bureau’s recent flurry of cyber takedown operations.

Chat soon.

Stay in touch with the whole team: Joseph Gedeon (jgedeon@politico.com); John Sakellariadis (jsakellariadis@politico.com); Maggie Miller (mmiller@politico.com); and Heidi Vogt (hvogt@politico.com).