This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
Insights Insights
| 1 minute read

Federal Cyber Standards Coming to a Hospital Near You?

The White House is set to require baseline cybersecurity standards for hospitals, according to news reports in mid-May.  The move is a reaction to the crippling attack on payment processor Change in February, which left facilities unable to fill prescriptions or bill for procedures.  The attackers may have had access to personal information of as many as 100 million Americans, and the halt in payment processing left many small providers reeling from lack of revenues.  

United Healthcare, the parent of Change, has revealed that the attack vector was a server not secured by multi-factor authentication.  

Why It Matters

The healthcare industry has been targeted repeatedly by hackers and threat actors. The administration is clearly attuned to vulnerabilities that can impair delivery of services. The Change attack exposed critical issues: that so many Americans' information and care depends on one vendor, that failure to secure one server with a basic tech tool can bring so much damage. When the information, and the services, provided by an industry are so critical and so sensitive, suppliers are a key part of the security plan.  

The White House has said training to rural facilities will be part of the roll-out of cybersecurity standards.  

Subscribe to Taylor English Insights by topic here.

The intrusion at Change — a central node in the healthcare system that carried terabytes of data for doctors, pharmacies, insurers and the government — demonstrated the way a single point of failure can compromise a nationwide industry. The breach tilted some clinics into financial peril and potentially reduced UnitedHealth’s profits this year by as much as $1.6 billion.


data security and privacy, hill_mitzi, health care, insights