Requires higher response amid consolidation
In the meantime, the ransomware assault on Change Healthcare has triggered calls for for obligatory baseline security requirements for healthcare suppliers. Earlier this month, UnitedHealth confronted criticism for its dealing with of the assault throughout a three-hour session earlier than the Home Vitality and Commerce Committee.
Considerably, the incident has introduced issues about healthcare consolidation. UnitedHealth, a conglomerate of medical health insurance enterprises, merged with Change Healthcare in 2022.
In the course of the Congressional listening to, E&C Chair Cathy McMorris Rodgers cautioned that because the healthcare system consolidates, the consequences of profitable cyberattacks may change into extra widespread.
Sub-committee member Anna Eshoo characterised the healthcare sector as a “hackers’ playground,” noting that UnitedHealth is especially weak attributable to its dimension.
“The assault exhibits how UnitedHealth’s anticompetitive practices current a nationwide security danger as a result of its operations now prolong by each level of our well being care system,” Eshoo mentioned. “The cyberattack laid naked the vulnerability of our nation’s healthcare infrastructure.”
Issues about Citrix
This incident has additionally introduced Citrix’s vulnerability beneath the scanner. In 2022, the NSA reported {that a} hacking group named APT5 — believed to be Chinese language — exploited a vulnerability in Citrix networking gear to conduct espionage.
