# Opener

Incentivizing Healthcare Cybersecurity

Published by Axio

Proposed federal legislation, termed the “Health Care Cybersecurity Improvement Act of 2024,” aims to expedite Medicare payments to healthcare providers impacted by cyberattacks, provided they and their vendors adhere to specified cybersecurity standards. Senator Mark R. Warner introduced this bill on Friday, March 22, in response to the ransomware incident targeting Change Healthcare, which jeopardized the financial stability of numerous providers.

Senator Warner emphasized the vulnerability of the entire healthcare industry, underscoring the need for enhanced cybersecurity measures. The legislation seeks to offer financial incentives to encourage providers and vendors to bolster their cybersecurity defenses.

Under the bill, the Centers for Medicare & Medicaid Services (CMS) would facilitate advance payments to Medicare Part A providers and Part B suppliers facing financial strain due to cyber incidents. The Secretary of Health and Human Services would determine eligibility for such payments based on whether the cyber incident necessitated them, if the recipient meets cybersecurity standards, and if their intermediary also complies with these standards.

Senator Warner stressed the urgency of addressing cybersecurity risks in healthcare, warning of potential disruptions in patient care due to major cyberattacks. In the aftermath of the February 21 breach at Change Healthcare, UnitedHealth Group (UHG), its parent company, has been diligently working to restore services while facing a federal investigation.

On March 10, the U.S. Department of Health and Human Services and the Department of Labor issued a joint letter urging UHG to support healthcare providers affected by the cyberattack, highlighting the critical need for industry-wide collaboration and assistance.

The nation’s largest healthcare organizations depend on the Axio platform to build an enterprise-wide cybersecurity standard. Axio360 is a complete risk management solution designed to reduce cyber risks continuously. Healthcare organizations can identify priority scenarios and select the most cost-effective controls to protect their crown jewels. Interested in learning more about what we do? Get started with a demo of our platform, we’re here to help.