CYBERATTACK FALLOUT ONGOING — The lingering service outage at Change Healthcare, the nation’s largest claims processing system, is expected to end this week. But the investigation into how it happened and what can be done to prevent another is just beginning, POLITICO’s Robert King and Kelly Hooper report. Calls for a probe: Since Feb. 21, a cyberattack on the medical clearinghouse has left health providers unable to submit claims and pharmacies incapacitated. While Change’s owner, UnitedHealth Group, has pledged to fully restore its claims network this week, the devastating outage has sparked calls for an investigation and questions over whether the health industry is prepared to prevent a similar attack. “This is a watershed moment in health care, where suddenly everyone knows now how interconnected, how dependent, how fragile the bigger health care ecosystem is in the U.S.,” said Errol Weiss, the chief security officer at the Health Information Sharing and Analysis Center, a nonprofit that shares cyber threat intelligence with its members. Cybersecurity experts say the attack has shown the need for a functional backup network that can continue to operate during an outage. Lawmakers step in: Congress is expected to examine how and why the outage occurred and who could be responsible. “As these companies have become so large, it is creating a systemic cybersecurity risk,” said Sen. Ron Wyden (D-Ore.) during a hearing Thursday of the Senate Finance Committee. Imposing penalties: HHS Secretary Xavier Becerra told the committee that his agency has pressed UnitedHealth to do more to help affected health providers. He also proposed fining hospitals that don’t implement cybersecurity minimums. The proposal has gotten major pushback from hospital groups that say facilities already do a lot to prevent attacks. “I don’t know of any hospital that takes this lightly,” said Chip Kahn, president and CEO of the Federation of American Hospitals. “There is no system in the country, except maybe the federal government, that gets attacked as much as the healthcare system does.” On Friday, CMS announced new ways to help Medicaid providers affected by the Change cyberattack recoup payments, including allowing states to pursue the option to make retroactive payments to the date when the cyberattack disrupted payment processes. HHS and White House officials are slated to meet with payers today to discuss the attack. Ahead of the meeting, HHS spokesperson Jeff Nesbit said in a statement that the agency expects “payers to follow HHS’ lead and provide advance payments to providers, enact appropriate flexibilities, proactively identify providers in need, and expedite claims processing.” WELCOME TO MONDAY PULSE. The cherry blossom trees in D.C. reached peak bloom this week. In totally related news, my allergies are out of control. Send your tips, scoops and feedback to ccirruzzo@politico.com and bleonard@politico.com and follow along @ChelseaCirruzzo and @_BenLeonard_.
|
No comments:
Post a Comment