The recent cyberattack on healthcare organization Change Healthcare has sparked a call for tighter security measures across the industry. Former CISO at UnitedHealth Group, Booker, emphasized the importance of focusing on essential security measures such as multifactor authentication and ensuring that they are implemented everywhere. He stressed the need for organizations to have assurance capabilities to validate the effectiveness of their security protocols.
According to a report by HIMSS, there is a pressing need for healthcare organizations to do more to enhance their cybersecurity posture. The authors of the report highlighted the importance of regularly briefing boards of directors on cybersecurity risks, with the goal of increasing awareness and proactive measures within organizations. Additionally, they pointed out the need for improved supply chain risk management, as many organizations lack robust cybersecurity supply chain management programs.
HIMSS officials have recommended adopting the NIST Cybersecurity Framework Version 2.0 and the recently released US Department of Health and Human Services’ voluntary cybersecurity performance goals (CPGs) to bolster cybersecurity efforts in the healthcare sector. Senator Ron Wyden, a strong advocate for healthcare cybersecurity regulations, criticized the Biden administration for what he considers a slow timeline for implementing such regulations.
Industry experts and officials are in agreement that urgent action is needed to strengthen cybersecurity defenses in healthcare organizations. The recent attack on Change Healthcare has served as a wake-up call, prompting leaders to reassess their security measures and resilience strategies. Benjamin Luthy, a cybersecurity program director, emphasized the importance of learning from incidents like the Change Healthcare attack to improve security practices across the industry.
Overall, the cybersecurity incident at Change Healthcare has highlighted the critical need for healthcare organizations to prioritize cybersecurity and implement robust security measures. The industry is now facing increasing pressure to enhance cybersecurity practices and adopt proactive strategies to safeguard patient data and ensure uninterrupted healthcare services. With the support of lawmakers and industry experts, healthcare organizations are striving to bolster their cybersecurity defenses and prevent future cyberattacks.