WASHINGTON— Senators want answers from the Biden administration on the recent cyberattack that froze millions of hospital and physician insurance claims, and concrete plans to prevent the next disruptive attack on health care.
During a hearing Thursday, Senate Finance Committee Chairman Ron Wyden (D-Ore.) pressed Health and Human Services Secretary Xavier Becerra to institute cybersecurity requirements for both hospitals and insurers and to “start holding these executives [accountable] who are not doing their job in line with the kind of safety standards Americans have the right to expect on cyber.”
advertisement
The committee’s highest ranking Republican, Sen. Mike Crapo from Idaho, stopped short of pushing for tech requirements; he urged Becerra to keep the committee updated on the fallout.
HHS on Wednesday launched a probe of the attack, focusing on whether Change HealthCare, one of the nation’s largest insurance claims processing hubs, and its parent company, UnitedHealth Group, complied with federal law protecting patients’ health information.
“Every sector within health care has to get into this, because no one could keep their data doors unlocked with these cyberattacks that are occurring,” Becerra said. “We’re trying to get the best information we can to know exactly how to proceed.”
advertisement
The Senate hearing is the first test of President Biden’s vision for next year’s health care budget. The administration is requesting $130.7 billion in discretionary funding for HHS in fiscal year 2025, which includes $1.3 billion to support hospitals’ cybersecurity efforts, and a proposal to financially penalize hospitals that do not meet minimum security requirements.
The president also proposes accelerating a plan to negotiate drug prices through Medicare and would permanently extend Affordable Care Act tax credits.
Democratic senators sought during the hearing to focus on the administration’s efforts to lower drug prices through Medicare negotiation and out-of-pocket caps, while many Republicans questioned the health department’s handling of thousands of unaccompanied migrant children.
Yet the testimony repeatedly returned to cybersecurity as senators like New Hampshire Democrat Maggie Hassan described paralyzed rural hospitals unable to receive 98% of recent payments. Hassan referenced a conversation with Becerra last week, and told the room she spoke with the president on Monday about the hack.
Becerra told the senator that HHS officials met with payers and providers earlier this week and have a follow-up meeting with payers on Friday.
“They’re holding money and providers aren’t getting paid. We’re saying to them, ‘you need to start making payments. While you may not be able to receive the actual bill, you have a general sense, on a monthly basis, what these providers bill — so there’s no reason to not work out an advance payment.’” Becerra said.
He also fielded questions about reproductive rights and the abortion pill mifepristone, which is at the center of a lawsuit that the Supreme Court will hear in two weeks. Oklahoma Republican Sen. James Lankford asked Becerra if the administration would abide by the court’s decision, even if that means restricted access.
The secretary declined to speculate on the case but said, “We always follow the law.”
In the lawsuit, Danco v. The Alliance for Hippocratic Medicine, plaintiffs argue that the FDA acted politically and hastily when approving mifepristone in 2000, and later loosening prescribing restrictions during the pandemic.
The health secretary told reporters on Monday that while there were no specific line item budget requests to support abortion rights, “We’re doing everything we can to ensure that health care providers understand what their obligations under the law are to provide services to women, whether it’s under the Affordable Care Act or whether it’s under traditional sources of insurance.”