Hospital Lobbyists Fought to Cut Penalties for Cybersecurity Breaches

Amid the Change Healthcare ransomware attack, a law signed the day before the January 6th riot shows that the industry is more interested in limiting liability.

BY DAVID DAYEN APRIL 18, 2024


On Tuesday, the House Energy and Commerce Committee held a hearing on the February 21 Change Healthcare ransomware attack, which disabled a key software conduit used in billing. The hack, which cost medical providers as much as $1 billion per day, has still not been fully repaired. With nearly every hospital network financially affected, band-aid relief from Change’s parent company—the health care giant UnitedHealth—and the federal government has thus far been inadequate.

Members of the committee flared in anger at how a single, consolidated middleman network could perpetuate such lasting harm. “The attack shows how UnitedHealthcare’s anti-competitive practices present a national-security risk,” said Rep. Anna Eshoo (D-CA), ranking Democrat on the health subcommittee, a sentiment echoed by members of both parties and key witnesses, who called for an end to vertical integration in health IT.

UnitedHealth made nobody available for the hearing, though the company committed to testifying at a later date; its CEO Andrew Witty will appear before the Senate at the end of the month. The incident hasn’t affected UnitedHealth much at all; its latest quarterly earnings report beat expectations with $8.5 billion in profits, despite the attack, and the stock soared on Tuesday.
https://prospect.org/health/2024-04-18-hospital-lobbyists-fought-penalties-cybersecurity-breaches/