As the most sweeping healthcare cyberattack of our time moves into its fourth week, senators are holding closed-door meetings this week about TikTok.
Change Healthcare reported a cyberattack Feb. 21 in a situation that has since evolved to become "the most significant and consequential incident of its kind against the U.S. healthcare system in history," according to the American Hospital Association.
By Feb. 29, Change confirmed that a ransomware gang called ALPHV/BlackCat was behind the attack. The ransomware attack on the UnitedHealth Group subsidiary has halted billions of dollars in payments to medical providers, with the majority of hospitals experiencing a "significant or serious" impact and direct effects on patient care. Recovery could take months.
UnitedHealth Group has worked to design accelerated payment systems and workarounds amid ongoing system recovery efforts. Federal agencies have taken action by opening an investigation into the insurer, warning hospitals about "malicious cyber actors," and extending flexibilities to states for interim Medicaid payments.
But the level of attention toward this attack from U.S. lawmakers who could prove instrumental to warding off the next one — or at least making it more difficult — "has barely risen above a murmur," as Dave Lee, Bloomberg Opinion's U.S. technology columnist, puts it.
"As senators squabble about the theoretical vulnerability of those who use TikTok, they might want to find more time to give greater consideration to a clear and present danger erupting within the US health-care system: the continuing cyberattack that has thrown healthcare services into disarray," Mr. Lee wrote in his March 18 column.
"The nature of the breach means there are no ambulances double-parked outside emergency departments or footage of worried patients being transferred on gurneys to nearby facilities," Mr. Lee said. "But this lack of TV-news friendly shock factor shouldn't undermine the seriousness of this hack and what it says about the continued weakness of U.S. health cyberdefenses despite pledges to do better."
This week, senators are set to participate in closed-door briefings with senior officials from the Justice Department and other agencies about TikTok, a video-sharing app that the House of Representatives last week furthered legislation to ban in the U.S. unless it is sold by its Chinese owner, Bloomberg reports.
The U.S. is coming off of one of the most unproductive Congresses in modern history that seems to fancy theatrics with hope of social media virality versus meaningful, substantive healthcare lawmaking.
Before the Change Healthcare attack, Becker's covered one of the earliest hospital ransomware attacks on a small hospital in Kentucky in 2016. Since, cybergangs and criminals have grown more sophisticated, emboldened and nefarious in their targeting of hospitals and healthcare organizations. Health system ransomware attacks nearly doubled in 2023, with 141 U.S. hospitals affected last year and data stolen in 32 of 46 of the events.
"While it will be impossible to prevent cyberattacks completely, urgent action to at least make them more difficult clearly can't come quickly enough — and everyone must resist the temptation to become complacent over 'just another' cyberattack," Mr. Lee wrote.
Find the Bloomberg opinion column in full here.