Senator Bill Cassidy | Sen. Bill Cassidy Official Website
Senator Bill Cassidy | Sen. Bill Cassidy Official Website
WASHINGTON – U.S. Senators Bill Cassidy, M.D. (R-LA), Elizabeth Warren (D-MA), and Richard Blumenthal (D-CT) have called for answers from the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) regarding ransomware attacks on the American health care system.
In a letter to CISA Director Jen Easterly, the senators highlighted the impact of a ransomware attack on Change Healthcare, the largest processor of medical claims in the U.S. The attack, carried out by the Russian-linked cybercriminal group ALPHV Blackcat on February 21, 2024, led to significant disruptions in the healthcare system.
The senators noted that the attack forced Change Healthcare to disconnect over 100 technology platforms, affecting thousands of patients and providers. They emphasized the concerning trend of cybercriminals gaining access to computer systems, encrypting data, and demanding ransom payments for decryption.
The senators stated, "The latest attacks on Change Healthcare underscore the urgent need for more oversight and investigation into the frequency, scope, and root causes of these attacks, specifically with regards to cryptocurrency’s role."
The letter also addressed the aftermath of the attack, with a second ransomware group, RansomHub, taking control of stolen data and threatening to sell patient records unless another ransom is paid. This escalation further highlights the need for stronger measures to combat ransomware attacks.
The senators urged CISA to provide information on the steps taken to estimate the scope of ransomware attacks, cooperate with other federal agencies, and prepare the healthcare industry for potential future attacks. They emphasized the importance of addressing cryptocurrency's role in facilitating ransom payments and ensuring rapid response plans are in place.
The ongoing threats posed by ransomware attacks on the healthcare sector highlight the critical need for enhanced cybersecurity measures and collaborative efforts among government agencies and industry stakeholders to safeguard sensitive patient data and maintain essential healthcare services.