CMS Teases New Cybersecurity Policies for Third-Party Vendors

The Centers for Medicare and Medicaid Services is planning oversight of third-party healthcare vendors in the wake of the Change Healthcare cyberattack, said Jonathan Blum, the agency’s principal deputy administrator. Blum, who also serves as chief operating officer for CMS, said that the agency is working to determine what levers it can pull to ensure severe disruptions in care like those linked to the cyberattack on the UnitedHealth Group subsidiary aren’t repeated. CMS declined to provide any details of its oversight strategy, but said it is collaborating with other partners across the Health and Human Services Department to “promote high-impact cybersecurity practices and enhance accountability for healthcare organizations and their vendors.”