CyberScoop reports that the massive Change Healthcare breach in 2024, which stemmed from the lack of multi-factor authentication on a remote access portal, has prompted the Department of Health and Human Services to place heightened scrutiny on the security practices of third-party service providers.Such an attack, which exposed data from 190 million people and emphasized previously unrecognized risks tied to external vendors, "threatened the liquidity of our entire health care system," said Charlee Hess, director of the healthcare and public health sector cybersecurity at the HHS' Administration for Strategy Preparedness and Response division, at this year's CyberTalks."We recovered from that, but we realized there are third-party risks lurking in our health care system, and we don't even know they're there. Where are those entities or systems that will have an outsized impact on our sector?" Hess added.Multiple proposals imposing mandatory cybersecurity rules on hospitals have since been made in the wake of the Change Healthcare breach. However, such regulations have been opposed by the healthcare organizations, which argued its additional burdens on the sector, even if the Change Healthcare intrusion involved external compromise.
Critical Infrastructure Security, Government Regulations, Supply chain
HHS intensifies scrutiny of third-party vendor cybersecurity

(Photo by J. David Ake/Getty Images)
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



