White House to push cybersecurity standards on hospitals after Change Healthcare breach

Deputy national security adviser for cyber and emerging technology Anne Neuberger speaks about the Colonial Pipeline cyberattack during the daily press briefing at the White House on May 10, 2021, in Washington, D.C. (Drew Angerer/Getty Images/TNS)

WASHINGTON — The Biden administration intends to require hospitals to meet minimum cybersecurity standards after a single hack exposed the data of 100 million Americans, according to a senior U.S. cybersecurity official.

“We look to putting in place minimum cybersecurity standards for hospitals in the near term,” Anne Neuberger, deputy national security adviser for cyber and emerging technology, said in an interview at the Bloomberg Tech Summit in San Francisco on Thursday. Neuberger didn’t spell out the time line in which the administration plans to push out the rule.


The announcement follows a February hack against Change Healthcare, a unit of UnitedHealth Group Inc., that snarled billions of dollars of payments to doctors and hospitals, delayed patient care and saw hackers make off with patient medical data of as many as one in three Americans.

The intrusion at Change — a central node in the health-care system that carried terabytes of data for doctors, pharmacies, insurers and the government — demonstrated the way a single point of failure can compromise a nationwide industry. The breach tilted some clinics into financial peril and potentially reduced UnitedHealth’s profits this year by as much as $1.6 billion.

During the early weeks of the attack, medical billings were 20% lower than normal, Neuberger said, adding, “that’s 20% fewer procedures.”

In parallel to pushing out rules for hospital cybersecurity, the Biden administration intends to offer free training to 1,400 small, rural hospitals across the country, according to Neuberger. She said the training will become available “in the next few weeks.”

The health care sector has been a recurrent target of criminal hackers, who have encrypted computer networks and stolen sensitive data in lieu of extortion payments. On Wednesday, Ascension, one of the country’s largest chains of Catholic hospitals, said it was investigating a cybersecurity incident on some of its network systems.

“There has been a disruption of clinical operations, and we continue to assess the impact and duration of the disruption,” Ascension said in a statement.

Leave a Reply

Your email address will not be published. Required fields are marked *


By participating in online discussions you acknowledge that you have agreed to the Star-Advertiser's TERMS OF SERVICE. An insightful discussion of ideas and viewpoints is encouraged, but comments must be civil and in good taste, with no personal attacks. If your comments are inappropriate, you may be banned from posting. To report comments that you believe do not follow our guidelines, email hawaiiwarriorworld@staradvertiser.com.