The Change Healthcare and Ascension cyberattacks were disastrous. Can $50 million stop the next breach?

This February, the UnitedHealth subsidiary Change Healthcare was attacked by hackers, causing a nationwide outage of the network with huge ripple effects for doctors and patients.

Three months later, the U.S. government is stepping in to commit more than $50 million toward preventing future cyberattacks on the healthcare industry. Here’s what you need to know:

Sensitive health data in the spotlight

As one of the largest health payment processing companies in the world, Change Healthcare handles around 15 billion claims each year. When the server went dark earlier this year, many healthcare providers were unable to communicate with insurance companies, leading to billions of dollars worth of disrupted payments and limited care for patients. The breach likely leaked the personal data of up to one in three Americans. 

Then, this month, the healthcare network Ascension was also brought offline by hackers. The quick succession of these major breaches has shown that the healthcare sector is a prime target for cybercriminals, and U.S. health officials announced today that they plan to take a stand to combat the issue.

What the government is doing

A federal investment of $50 million will be allocated to organizations that can build tools to protect internet-connected hospital equipment from ransomware. The goal of the program, named the Universal PatchinG and Remediation for Autonomous DEfense (UPGRADE), will be to create an autonomous cyber-threat solution that can adapt to many devices and diverse hospital environments. 

“UPGRADE expects to bring together equipment manufacturers, cybersecurity experts, and hospital IT staff to develop a tailored and scalable software suite for hospital cyber-resilience,” the initiative’s website reads. “This broad effort intends to secure whole systems and networks of medical equipment to ensure mitigations can be deployed at scale.”

The UPGRADE program will be headed by ARPA-H, an agency under the Department of Health and Human Services (HHS). According to Andrea Palm, HHS deputy secretary and department lead on cybersecurity work, the destructive potential of healthcare cyberattacks necessitates this broader intervention.

“U.S. healthcare is a private-market system—we have levers in our regulatory tools, but that only goes so far,” Palm said in an interview with Bloomberg. “It’s finally coming to the fore as a priority because of the increase in attacks that we’ve seen.”

https://www.fastcompany.com/91128296/change-healthcare-ascension-ransomware-breach-update-stop-future-cyberattacks?partner=rss&utm_source=rss&utm_medium=feed&utm_campaign=rss+fastcompany&utm_content=rss