Are Cyberattacks Really Hurting the Health-Care System?


It sometimes feels as if no one’s safe from cyberattacks. The Equifax fiasco is just the latest in a string of attacks, each one seemingly broader in scope than the last. Now it appears that the health-care sector has been affected by cyberattacks more than previously known.

Rep. Greg Walden (R-Ore.) recently sent a letter to Nuance, a Burlington, Mass.-based provider of transcription and dictation services, requesting details on how the company weathered June’s NotPetya malware attack. While Nuance was able to prevent any long-lasting damage, the attack prevented customers from using the company’s services for an extended period of time, which “represents a new challenge in that it is one of the first instances in which a malware infection has so severely disrupted the ability of health care professionals to treat patients,” Walden said in the letter.

The NotPetya attack involved a virus that exploited software vulnerabilities at companies across the globe, encrypting data and locking employees out of their own systems.

The letter demonstrates a growing congressional interest in the cybersecurity of the health-care sector, W. Reece Hirsch, a health-care attorney with Morgan, Lewis & Bockius LLP in San Francisco, told me. Walden and other Republican leaders previously sent a letter to Merck, requesting details on how the NotPetya attack affected the company’s manufacturing capabilities.

Congress may end up encouraging the health-care sector to improve the sharing of cyberthreat data, Hirsch said. However, he said new legislation is unlikely, as the Health Insurance Portability and Accountability Act’s Security Rule is fairly robust as is.

Health-care companies need to make sure that cyberattacks are a part of their regular risk analyses, Hirsch said.

Read my full story here.

Stay on top of new developments in health law and regulation with a free trial to the Health Law Resource Center.

Learn more about Bloomberg Law and sign up for a free trial.