Warner Urges Biden Administration to Release Updated Cybersecurity Policies in the Health Care Sector

Letter

I write today to urge you to prioritize the development of mandatory minimum cyber standards and to propose them as soon as possible, given the increasing severity, frequency, and sophistication of cybersecurity threats and attacks. Health care is one of the largest sectors in the U.S. economy, with health expenditures accounting for 17 percent of the United States’ gross domestic product in 2022, and expected to grow to nearly 20 percent by 2032. More important than the economic risks cyberattacks pose to the health care sector are the vulnerabilities to patients’ access to care and private health information. Simply put, inadequate cybersecurity practices put people’s lives at risk.

Due to some entities failing to implement basic cybersecurity best practices, such as the lack of multi-factor authentication resulting in the successful attack on Change Healthcare, the capability required of a threat actor to carry out an operation in the sector can be quite low.

Source