WASHINGTON – Today, U.S. Sen. Mark Warner (D-VA), Chairman of the Senate Select Committee on Intelligence, released the following statement on the cybersecurity incident at Change Healthcare:

“This ransomware attack on a major health care company should surprise no one. For some time, I have been sounding the alarm on the need for the entire health care sector to drastically step up its game when it comes to cybersecurity. We’ve previously seen incidents that have caused regional disruptions in clinical care, and it was only a matter of time before one disrupted the ability to treat patients nationwide.

“The U.S. Department of Health and Human Services is working around the clock to help health care providers navigate the attack, and I urge them to ensure all Medicare providers can receive advance and accelerated payments to help them ride this crisis out. If HHS requires additional authorities from Congress to support providers during this time, it’s critical we know that so that we can act as soon as possible.

“This attack demonstrates that we need to have backup plans in place for such incidents. I plan to write and introduce legislation that would provide for accelerated and advanced payments to providers and vendors to protect them in the event of future disruptions, as long as they meet minimum cybersecurity standards.

“While the repercussions of this incident have been primarily – though not wholly – financial, what keeps me up at night is the possibility of a similar widespread attack directly affecting patient care and safety. That is why it is time to consider mandatory cyber hygiene standards for health care providers and their vendors. Sterilization and hand hygiene practices prevent infections – and cyber hygiene practices prevent cyber intrusions. Both are critical to protect patients.”

Sen. Warner has been a leader in the cybersecurity realm throughout his time in the Senate, crafting numerous pieces of legislation aimed at addressing these threats facing our nation. Recognizing that cybersecurity is an increasingly complex issue that affects the health, economic prosperity, national security, and democratic institutions of the United States, Sen. Warner cofounded the bipartisan Senate Cybersecurity Caucus in 2016.  A year later, in 2017, he authored the Internet of Things (IoT) Cybersecurity Improvement Act. This legislation, signed into law by President Donald Trump in December 2020, requires that any IoT device purchased with federal funds meet minimum security standards. As Chairman of the Senate Select Committee on Intelligence, Sen. Warner co-authored legislation that requires companies responsible for U.S. critical infrastructure report cybersecurity incidents to the government. This legislation was signed into law by President Joe Biden as part of the Consolidated Appropriations Act in March 2022.

Sen. Warner has also examined cybersecurity in the health care sector specifically. In 2022, Sen. Warner authored “Cybersecurity is Patient Safety,” a policy options paper, outlining current cybersecurity threats facing health care providers and systems and offering for discussion a series of policy solutions to improve cybersecurity across the industry.  Since publishing, Sen. Warner has launched the Health Care Cybersecurity Working Group with a bipartisan group of colleagues to examine and propose potential legislative solutions to strengthen cybersecurity in the health care and public health sector.

###