During the House Energy and Commerce Subcommittee on Health hearing on April 16, the American Hospital Association (AHA) presented proposals and concerns related to addressing cybersecurity vulnerabilities in the healthcare industry following the Change Healthcare attack. AHA’s national advisor for cybersecurity and risk, John Riggi, emphasized the importance of focusing on the entire healthcare sector, not just hospitals, in efforts to combat cybercrime. He called for a comprehensive defensive strategy that includes federal agencies working to protect hospitals, health systems, and the patients they serve.
Riggi highlighted the critical nature of the healthcare sector as a top infrastructure sector with a direct impact on public health and safety. He stressed that cyberattacks on the healthcare sector pose a serious threat to patient safety and should be treated as a threat-to-life crime. He urged Congress to take action to address outstanding issues resulting from the Change Healthcare cyberattack, including ensuring that providers are reconnected to services, able to process claims, appeal denials, reconcile payments, issue patient bills, and access financial support to mitigate costs incurred.
Other individuals who testified at the hearing included Greg Garcia from the Healthcare Sector Coordinating Council, Robert Sheldon from CrowdStrike, Scott MacLean from the College of Healthcare Information Management Executives, and Dr. Adam Bruggeman from the Texas Spine Center. Each of them provided valuable insights and perspectives on healthcare cybersecurity and the need for coordinated efforts to enhance protections and response capabilities in the face of evolving cyber threats.