Leading senators want the Department of Health and Human Services (HHS), insurers and hospitals alike to know they’re keeping a close eye on the fallout from Change Healthcare’s cyberattack.
During his opening comments for a hearing Thursday on the president’s proposed HHS budget for 2025, Senate Finance Committee ranking member Mike Crapo, R-Idaho, acknowledged the department’s recent guidance and flexibilities for those impacted by one of the most disruptive cybersecurity incidents in the industry’s history.
However, he also told HHS Secretary Xavier Becerra that “the over two-week delay resulted in [avoidable] uncertainty. Already financially vulnerable rural hospitals and providers, with little to no cash reserves, required immediate action by the Administration to ensure payrolls could be met and services could continue without interruption.”
Crapo capped his comment by urging HHS to provide prompt updates to industry and Congress “on efforts to limit further disruption.”
“We’re saying to [payers]: You need to start making payments” — HHS Secretary Xavier Becerra
The committee’s chair, Ron Wyden, D-Oregon, went a step further and held the incident as evidence that policymakers must strengthen cybersecurity requirements for the private healthcare sector. Payers and providers alike have recently “become so large, it is creating a systemic cybersecurity risk” attracting attention from criminals and foreign actors, he said.
The senator pointed to lines in HHS’ budget that would bring stronger penalties and mandatory cybersecurity standards for hospitals as “a great first step,” and urged the department to go a step further by introducing fines and accountability “for negligent CEOs, for example, which will enable HHS to better protect patients and our national security.”
When asked by Wyden to commit to such measures, Becerra responded that “we [HHS] look forward to working with you and every member on this dais on these issues.”
The hospital industry has harshly denounced any mandatory cybersecurity requirements. In statements given shortly after HHS unveiled its cybersecurity strategy in December, American Hospital Association President and CEO Rick Pollack said that monetary fines, diminished reimbursement or other penalties would only serve to “diminish hospital resources needed to combat cyber-crime and would be counterproductive to our shared goal of preventing cyberattacks.”
“While this has been some progress, our providers are facing a really long road ahead,” she said to the secretary.
Hassan said she also spoke about the issue on Monday with President Joe Biden and Thursday morning with UnitedHealth Group CEO Andrew Witty. The latter, she said, was “what I would call a constructive conversation” that included “new commitments to provide cash aid today to the providers in my state who need it without any unfair or risky terms.”
Hassan closed her speaking time by asking Becerra how HHS will ensure the payer will stick to such commitments. The secretary pointed to a roundtable the White House held with payers and providers earlier this week and noted that a follow-up meeting is being held Friday.
“We’re saying to [payers]: You need to start making payments,” Becerra said. “While you may not receive the actual bill, you have a general sense on a monthly basis what these providers bill you, so there’s no reason to not work out advanced payments to these hospitals and other doctors and other providers.”
Much of Thursday’s hearing focused on the administration’s proposed budget and health policy goals for the coming year.
Democrats broadly reinforced their support for White House priorities around reproductive health access and expanding Medicare drug price negotiations under the Inflation Reduction Act. Republicans steered the conversation toward HHS’ role in the border crisis and told Becerra to pass along their concerns that Medicare’s price controls are stifling pharmaceutical innovation.
The senators also sought confirmation from Becerra that pharmacy benefit managers’ role in healthcare costs and telehealth coverage extensions are being pursued by the department.
Leave a Reply
You must be logged in to post a comment.