© 2024 Connecticut Public

FCC Public Inspection Files:
Public Files Contact · ATSC 3.0 FAQ
Play Live Radio
Next Up:
0:00 0:00
Available On Air Stations

Experts examine how hackers took down a top digital health care payment system


Pharmacies across the country have a backlog of insurance claims waiting to be paid. That's after hackers took down one of the top digital payment systems for the health care industry in late February. Cybersecurity experts hope to seize the moment to push for better cybersecurity standards across critical infrastructure. NPR's Jenna McLaughlin reports.

JENNA MCLAUGHLIN, BYLINE: Criminal hackers broke into systems at Change Healthcare earlier this winter. Different parts of the industry started to fall like dominoes. Patients couldn't get prescriptions. Providers couldn't get paid. As things get back online, the backlog of claims is staggering. The health care industry has been a top target for ransomware gangs for years, but the sheer impact of this breach even took experts by surprise. I spoke to Josh Corman, a leader in health care and cybersecurity.

JOSH CORMAN: So we knew and focused a lot of debate and argument on how to make health care stronger.

MCLAUGHLIN: He's talking about when he led the government's efforts to tackle cybersecurity threats posed by the COVID-19 pandemic.

CORMAN: But in the process of that debate, very little attention was focused on these systemically important critical infrastructure segments like payment platforms or middleware.

MCLAUGHLIN: Corman and experts like him have been shouting at the rooftops to improve protections for health care for years, but they hope this cascading outage could be a watershed moment to push for long stalled legislation that would help the government identify and assist the most vulnerable, vital entities, the kinds of companies that, if they were to go down, would cause nationwide chaos. The director of the Department of Homeland Security cyber agency wants Congress to go even further.

JEN EASTERLY: Voluntary commitments are just not going to suffice in ensuring that Americans are safe and secure, which is why I do think it's important for Congress to consider minimum cybersecurity standards.

MCLAUGHLIN: That's Jen Easterly, the director of the Cybersecurity and Infrastructure Security Agency. Easterly says CISA has been working on studying the health care industry and creating its own list of important and vulnerable companies. The industry is massive and complex, and CISA has limited resources and authority. Companies never want more regulation, more scrutiny. But they need a push, says Easterly.

EASTERLY: I think patients should have an expectation that they can have access to health care and public health facilities when they need it.

MCLAUGHLIN: Without better cybersecurity, patients can't fully rely on their doctors anymore.

Jenna McLaughlin, NPR News.

(SOUNDBITE OF GOBI'S "EXIT.WAV") Transcript provided by NPR, Copyright NPR.

NPR transcripts are created on a rush deadline by an NPR contractor. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.

Jenna McLaughlin
Jenna McLaughlin is NPR's cybersecurity correspondent, focusing on the intersection of national security and technology.

Stand up for civility

This news story is funded in large part by Connecticut Public’s Members — listeners, viewers, and readers like you who value fact-based journalism and trustworthy information.

We hope their support inspires you to donate so that we can continue telling stories that inform, educate, and inspire you and your neighbors. As a community-supported public media service, Connecticut Public has relied on donor support for more than 50 years.

Your donation today will allow us to continue this work on your behalf. Give today at any amount and join the 50,000 members who are building a better—and more civil—Connecticut to live, work, and play.