The US Department of Health and Human Services (HHS) has stated that Change Healthcare can inform consumers whose health data may have been compromised following a cyberattack earlier this year. The move, welcomed by providers, clarifies who is responsible for data breach reporting and notifications. UnitedHealth, which owns Change, agreed to handle these tasks but a breach report has not yet been filed by Change.
Dispersed responsibility, lack of asset inventory is causing gaps in medical device cybersecurity
Witnesses at a House hearing on medical device cybersecurity highlighted the need for better tracking of devices and their vulnerability to cyber threats. They noted
