The Department of Health and Human Services (HHS) has not fully implemented necessary improvements to its cybersecurity risk management responsibilities for the healthcare and public health sectors, says the Government Accountability Office (GAO). In a new report, the GAO cites the increasing examples of cyberattacks in the health sector, including the February 2024 Change Healthcare ransomware attack that caused significant hardship for post-acute and long-term care providers, and offers several recommendations for further steps HHS should take.
LeadingAge engaged with HHS to help members affected by the Change Healthcare attack, and also offers valuable cybersecurity resources from LeadingAge CAST and business partners.