Calls for better response amid consolidation

Meanwhile, the ransomware attack on Change Healthcare has triggered demands for mandatory baseline security standards for healthcare providers. Earlier this month, UnitedHealth faced criticism for its handling of the attack during a three-hour session before the House Energy and Commerce Committee.

Significantly, the incident has brought concerns about healthcare consolidation. UnitedHealth, a conglomerate of health insurance enterprises, merged with Change Healthcare in 2022.

During the Congressional hearing, E&C Chair Cathy McMorris Rodgers cautioned that as the healthcare system consolidates, the effects of successful cyberattacks could become more widespread.

Sub-committee member Anna Eshoo characterized the healthcare sector as a “hackers’ playground,” noting that UnitedHealth is particularly vulnerable due to its size.

“The attack shows how UnitedHealth’s anticompetitive practices present a national security risk because its operations now extend through every point of our health care system,” Eshoo said. “The cyberattack laid bare the vulnerability of our nation’s healthcare infrastructure.”

Concerns about Citrix

This incident has also brought Citrix’s vulnerability under the scanner. In 2022, the NSA reported that a hacking group named APT5 — believed to be Chinese — exploited a vulnerability in Citrix networking gear to conduct espionage.