The American Hospital Association (AHA) participated in a Wall Street Journal Tech Live Cybersecurity event on June 6 to discuss the historic cyberattack on Change Healthcare that occurred on Feb. 21. Stacey Hughes, the AHA’s executive vice president of government relations and public policy, addressed the impact of the attack on hospitals and health systems. She also discussed the government’s response to the incident, highlighted how UnitedHealth Group’s size played a role in the attack, and shared insights on what is to come in federal cybersecurity policy. Hughes engaged in a conversation with Erik Decker, the vice president and chief information security officer for Intermountain Health, and WSJ Reporter James Rundle during the event.
When questioned about the government’s reaction to the cyberattack, Hughes pointed out that it took some time for many individuals to realize the seriousness of the incident. She emphasized that UnitedHealth Group downplayed the impact of the attack initially, which influenced policymakers to respond slowly. Hughes acknowledged that there is room for improvement in how the government handles such situations and stressed the importance of understanding the government’s role in addressing cybersecurity threats.
Recently, the Department of Health and Human Services made an announcement stating that hospitals and health systems have the authority to require UnitedHealth Group to notify patients if their data was compromised during the cyberattack. This development demonstrates a proactive step towards protecting the affected individuals and ensuring transparency in such situations.