U.S. House Highlights Cybersecurity Standards in Healthcare


*We are publishing this week’s Check-Up earlier than usual due to internal scheduling changes. We will be back on schedule next Friday, April 26.

  • House Energy & Commerce Health Subcommittee Holds Hearing on Cybersecurity. In the wake of the Change Healthcare cybersecurity attack, members discussed cybersecurity standards and called for investigations into healthcare mergers and acquisitions.
  • House Energy & Commerce Oversight & Investigations Subcommittee Holds Hearing on Improper Payments. The hearing focused on potential solutions to reduce improper payments in the Medicare and Medicaid programs.
  • House Energy & Commerce Innovation, Data & Commerce Subcommittee Holds Legislative Hearing on Data Privacy. The hearing examined ways for Congress to enact strong data privacy and security standards to protect individuals.
  • Senate Special Committee on Aging Holds Hearing on Long-Term Care Workforce. Members discussed the need for additional support and reform for the long-term care workforce.


House Energy & Commerce Health Subcommittee Holds Hearing on Cybersecurity. During the hearing, there was bipartisan concern about UnitedHealth Group’s response to the Change Healthcare cyberattack and consensus around the need for improved cybersecurity standards. Members also called for the Federal Trade Commission and US Department of Justice to investigate healthcare mergers and acquisitions, expressing concern about vertical integration’s impacts on cyberattack vulnerability.

In advance of the hearing, bipartisan committee leaders sent a letter about the Change Healthcare cyberattack to UnitedHealth Group. The letter requested information regarding UnitedHealth Group’s efforts to secure Change Healthcare’s systems, and regarding efforts being taken to restore system functionality and support patients and providers affected by the attack. The letter asked for a response to questions relating to the status and impact of the cyberattack and system restoration, identification and immediate response to the cyberattack, cybersecurity protocols and dedicated resources, response to the healthcare community and recovery. A response is requested by April 29. Energy & Commerce Chair McMorris Rodgers (R-WA) noted that UnitedHealth recently briefed the committee and has agreed to come to a future hearing as well.

In related news, Senate Finance Committee Chairman Wyden (D-OR) is expected to schedule a hearing in the near future during which UnitedHealth Group’s CEO will be invited to testify.

House Energy & Commerce Oversight & Investigations Subcommittee Holds Hearing on Improper Payments. During the hearing, the subcommittee heard testimony from the US Government Accountability Office (GAO), the US Department of Health and Human Services (HHS) Office of Inspector General, the chair of the Medicare Payment Advisory Commission, and a commissioner from the Medicaid and CHIP Payment and Access Commission.

Witnesses and members highlighted the need for transparency when reducing improper payments within the Medicare and Medicaid programs. Democrats raised concern about overpayments and the high volume of prior authorization denials in Medicare Advantage plans. Witnesses and members noted that improper Medicare and Medicaid payments can occur because of administrative errors, the enrollment of duplicate or deceased individuals, and some bad actors. The hearing discussed how advancements in technology and data analytics can be used to enhance the detection and prevention of improper payments in Medicare and Medicaid.

GAO released its report titled “Medicare and Medicaid: Additional Actions Needed to Enhance Program Integrity and Save Billions” as its written testimony for the hearing. The report found a combined total of more than $100 billion in improper payments in the Medicare and Medicaid programs in FY 2023, representing 43% of the government-wide total of estimated improper payments that agencies reported for that year.

House Energy & Commerce Innovation, Data & Commerce Subcommittee Holds Legislative Hearing on Data Privacy. During the hearing, there was bipartisan support for the American Privacy Rights Act. A few witnesses shared concerns that the bill needs more data privacy protections that were originally included in the American Data Privacy and Protection Act that passed out of the Energy & Commerce Committee in 2022. Members and witnesses emphasized their concerns for children’s safety due to a lack of privacy protections and shared their support for H.R. 7890, the Children and Teens’ Online Privacy Protection Act. There was also discussion around the need for legislation that strikes a balance to allow for innovative biomedical research conducted for the benefit of patients.

Senate Special Committee on Aging Holds Hearing on Long-Term Care Workforce. During the hearing, Chairman Casey (D-PA) announced the introduction of the Long-Term Care Workforce Support Act, which would make generational investments in the direct care workforce by supporting pathways to enter the workforce, improving compensation, ensuring safe working environments, and providing opportunities for effective recruitment and training strategies that promote retention. Witnesses emphasized the need for additional support and reform for the evolving needs of the direct care workforce and highlighted obstacles and burdens that workers face.

House Energy & Commerce Health Subcommittee Holds HHS Budget Hearing. This week, the House Energy & Commerce Health Subcommittee will also hold a hearing on HHS’s FY 2025 budget request with Secretary Becerra. We expect discussion around prescription drugs, cybersecurity and healthcare costs.


Administration Releases Global Health Security Strategy. The new strategy will drive action across federal departments and agencies and rally support from other countries, the private sector and civil society to better prevent, detect, respond to and recover from infectious disease threats. The strategy outlines three goals:

  • Strengthen global health security capacities through bilateral partnerships.
  • Catalyze political commitment, financing and leadership to achieve health security.
  • Increase linkages between health security and complementary programs to maximize impact.

The HHS press release can be found here, and a fact sheet on the strategy can be found here.

Pending Regulations. We expect the Medicaid access, Medicaid managed care and nurse staffing ratio final rules to be published soon. If those rules are published this week, we will follow up in our next publication with updates from those regulations.


  • GAO Releases Report on PBMs. GAO studied five states that have laws to regulate pharmacy benefit managers (PBMs) and found that all five states regulate the companies’ drug pricing and pharmacy payments – including by limiting companies’ use of manufacturer rebates and their ability to pay pharmacies less than health plans are charged.
  • CBO Releases Report on ACOs. This Congressional Budget Office (CBO) report found that accountable care organizations (ACOs) led by independent physician groups, ACOs with a larger proportion of primary care providers, and ACOs whose initial baseline spending was higher than the regional average are associated with greater savings. The report also found that factors that limit ACO savings include weak incentives for ACOs to reduce spending, a lack of resources necessary for providers to participate in ACO models, and providers’ ability to selectively enter and exit the program on the basis of their anticipated financial benefits or losses.


Congress is scheduled to be in recess next week and will return the week of April 29. As noted above, we expect a hearing on the Change Healthcare cybersecurity attack to occur soon after Congress returns.

